Is forms authentication secure?
Currently I have a MySQL database with a user table that stores users, their passwords (encrypted) and a token. My login page authenticates the user's username and password against that table, and if it's good, passes them a token that gets stored in a cookie and validated on API calls.
My problem with this is I'm doing this in an old ASP.NET webforms site with a lot of "old" code and I've been looking at better or more secure ways of authentication. In a slightly newer project I use the same logic but use Forms Authentication to validate that the user is logged in and prevent access to pages when they aren't authenticated.
Is forms authentication still "secure" enough to be, I guess, "industry standard"? I'm not super savvy in encryption methods and security and I want to be more proactive in updating this old webforms site to be safe and not worry about always manually checking/validating their authentication cookie on page load.
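
For reference, a web.config fragment showing the Forms Authentication settings that govern how the ticket cookie is protected and how unauthenticated requests are rejected without a per-page check. This is an added example, not part of the original post; the cookie name, login path and timeout are assumptions.

```xml
<!-- Added example; .APPAUTH, ~/Login.aspx and the 30-minute timeout are assumed values. -->
<configuration>
  <system.web>
    <authentication mode="Forms">
      <!-- Weak form, shown for comparison only:
           <forms loginUrl="~/Login.aspx" protection="None"
                  requireSSL="false" cookieless="AutoDetect" timeout="525600" />
           The ticket is neither encrypted nor tamper-checked, can travel over
           plain HTTP, may end up in the URL, and stays valid for a year. -->
      <forms name=".APPAUTH"
             loginUrl="~/Login.aspx"
             protection="All"
             requireSSL="true"
             cookieless="UseCookies"
             timeout="30"
             slidingExpiration="true"
             enableCrossAppRedirects="false" />
      <!-- protection="All": ticket is encrypted and validated with the machine key.
           requireSSL="true": cookie is marked Secure and only sent over HTTPS.
           cookieless="UseCookies": ticket is never placed in the URL.
           timeout is in minutes. -->
    </authentication>

    <!-- Deny anonymous users site-wide; the runtime redirects them to loginUrl,
         so pages do not need to validate the cookie themselves on load. -->
    <authorization>
      <deny users="?" />
    </authorization>

    <!-- Applies HttpOnly and Secure to the application's other cookies,
         such as a custom API token cookie. -->
    <httpCookies httpOnlyCookies="true" requireSSL="true" />
  </system.web>
</configuration>
```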