If this is a server-side application, then all passwords should be stored as password hashes. You should NEVER store a password in the clear. You should salt the password before you hash it to add security.
Also, you should not encrypt clear text passwords. This is because if the attacker exploited your machine, chances are, they already have the encryption key you used to encrypt the passwords. Hashing is safer because you cannot 'unhash' a password.
My recommendation:
String password = hashFunc(password + username + salt);
Then store the passwords like that. Use SHA-2 hashing for reliable security.
That way when you recieve a password from your client, all you have to do is hash the password and compare the hashes.