This is a new version of another old utility written by David Crake which was originally posted as a sample database at Access World Forums. I have updated it following a request by MarcusGR in this thread at Access World Forums
I have converted the utility to ACCDB and modified the code so it will work in any version of Access from 2007 onwards (32-bit or 64-bit)
Other changes made in this latest version include:
1. The original MDB version used a weak form of XOR encoding for user passwords.
This version uses RC4 encryption for stronger protection of passwords
NOTE: the password cipher is 'isladogs' but this can be changed in module
2. Added a new user form including various optional settings:
a) User access level (1/2/3) with default = 1 (standard user)
b) Password expiry (days) with default=0 (never expire)
c) Change own password (yes/no) with default=no
For security, new users must enter their own password at first login
3. Login button remains disabled until the password has been validated
The validation check includes:
a) Password expiry date (if any)
b) Users logged in on another computer – blocked for logging in again
c) Users still logged on current computer – previous session is ended so
a new login is possible
d) Where the password is changed, new password cannot match previous
Further information is given in the various forms supplied with this utility
As supplied, there are 6 users so the system can be tested - see screenshot on the right
a) Billy is not active so won’t appear in drop down list
b) Jill has no password set so you will be prompted to enter a password
c) Tommy has a password which expired on 5 Nov 2018 so you will be prompted to
enter a new password
d) All other users can login normally (Delilah / Jack / Samson)
NOTE: For effective password security in a production database:
1. Use a split database with an encrpted backend file containing all tables
2. Store the RC4 cipher itself in a table, encrypted using a different system!
3. Ensure users have no access to tables
4. Insist on passwords of a minimum length such as 8 characters to include at least
one of each of the following: capital letter, small letter & number
5. Insist that passwords are not written down or e.g. stuck to users' monitor!
Of course, a skilled and determined hacker could, given sufficient time, still eventually crack the passwords.
For that reason, it is better not to store the passwords in the same database
Instead use a system such as active directory to manage user logins
Click to download: Password Login (zipped)
Click any image to view a larger version ...