You can encrypt username/logonid but I don't think that would add much more security in your context than not encrypting them. If your goal is to prevent admins/dba's and people who have access to the backend database from impersonating users (by resetting passwords etc.), the best way would probably be to implement multi-factor authentication.
In this scenario, your users would provide multiple authentication parameters for example:
- A password which is hashed or encrypted in the database and also a token key code for example which would be time generated (via a token they would hold), or
- A password and elements of personal information, for example the first/third/last (these positions change) letters of their security question which would be encrypted in your database.
Also you may want to consider implementing a robust login/logout audit trail so that suspicious logins can be traced back. This database should maintain its integrity (ie. admins should not be able to modify its contents easily) and you can achieve that by using checksums and/or storing the audit tables in a database that is accessible by a different group of admins.