I found this great post on Stack Overflow which seems to describe what I should be doing based off of your suggestions as well:
It explains that you should salt and hash the password using the SHA-256 algorithm from OpenSSL.
But a few questions still linger.
How should I still send the password (and other info like login/email) to the server by itself so I can still salt/hash it? Should just still be sending it through WSASetSocketSecurity() be safe enough since I will be salt/hashing it on server and not storing the password in any way on the server? (Should I be masking the data somehow to deter packet sniffers? etc..)
Does WSASetSocketSecurity() have any performance issues? Should I just leave it on for the player the whole game? Or just use it when sending sensitive information packets?
I hope I am thinking about this the right way. Of all my years programming I just seem to have a bit of trouble wrapping my head around this.