First Published 23 Jan 2023                 Last Updated 30 June 2024

The golden rules when setting a password are that it should be long and very strong
In fact, just like the old TV adverts for Andrex toilet paper with the puppy!



It should also be difficult to guess - ideally contain a mixture of upper and lower case letters, numbers and special characters.
Doing all the above, makes it MUCH harder for passwords to be cracked by brute force attacks.

Even using a very powerful computer, a long, strong password can take so long to crack that it isn't worth the time and effort

PwdCrackTimes
For this reason, the minimum requirements for user passwords have become more stringent over the past few years.
Perhaps this is taking things a bit too far!

PasswordRules
Image - thanks to https://www.emotional-rescue.com

Of course, if the password is written down and stuck to the monitor as a memory aid, it is of no use whatsoever.

One good way of remembering a complex password is to make it into a sentence that won't be obvious to others

For example, consider the 20 character password: NMiaIHaPasPoVwC2YsJA
This password can be remembered as being the first letters in these song lyrics No Man Is An Island, He's a Peninsula from the old song A Small Package Of Value Will Come to You Shortly by the band Jefferson Airplane.

See my recent article: Why Isladogs? Why Access?



Access Password Lengths

Since Access 2007, the maximum length of a Access database password has been 20 characters. Prior to that the limit was 14 characters
See Access specifications

NOTE: You can create a password with more than 20 characters. However, only the first 20 characters are actually used. Anything after that is ignored

However, whilst you can successfully link tables from a database with a 20 character password, attempting to open the linked table(s) generates the ‘not a valid password’ error (prior to Access 365 version 2305)

NotValidPwd
This meant that the maximum useable length for a backend database password was therefore 19 characters (NOT 20).

Normally connection strings for linked Access tables including the password are stored in the Connect field in the system table MSysObjects

However, the process failed where the password length is 20 because the connection string information is not saved.

ConnectString



UPDATE 7 June 2023
The issue with linked tables and passwords of 20 characters was fixed in Access 365 version 2305 (build 16501.20196) released on 1 June 2023.
For more details, see Access Releases 14 Issue Fixes in Version 2305 (Released June 1st, 2023)
NOTE: Older versions are still affected by the bug

The above screenshot also shows an important security weakness for linked Access databases. The linked password is displayed without being masked by asterisks.

NOTE: By contrast, linked ODBC tables such as SQL Server do NOT display any information about the password in the connection string.

ConnectStringSQL
Microsoft are aware of these linked password issues . Hopefully these will be addressed at some point in the not too distant future.



Download

You can download a very simple database to test this for yourself.

      Password Length Test       Approx 1.2 MB (zipped)

The zip file contains a front end database (with no password) containing 2 linked tables:
The first BE database has a (very weak) 19 character password : abcdefghijklmnopqrs
The second BE database has a (similarly weak) 20 character password : abcdefghijklmnopqrst

Relink the paths for the two tables then try to open each from the navigation pane. The second table will generate the error.



Feedback

Please use the contact form below to let me know whether you found this article interesting/useful or if you have any questions/comments.

Please also consider making a donation towards the costs of maintaining this website. Thank you



Colin Riddington           Mendip Data Systems                 Last Updated 30 June 2024



Return to Access Blog Page




Return to Top