Example Apps for Businesses, Schools & Developers

Screenshots

Click any image to view a larger version

PasswordLogin1 PasswordLogin2 PasswordLogin3 PasswordLogin4 PasswordLoginUsers

Version 5.4       Updated 10 Feb 2021               Approx 0.7 MB 

This is a new version of another old utility written by David Crake which was originally posted as a sample database at Access World Forums.

I have updated it following a request by MarcusGR in this thread at Access World Forums

The utility has been converted to ACCDB format and the code modified so it will work in any version of Access from 2007 onwards (32-bit or 64-bit).

Other changes made in this latest version include:
1.   The original MDB version used a weak form of XOR encoding for user passwords - very insecure.
      This version uses 128-bit RC4 encryption for much stronger protection of passwords.

      NOTE:
      The password cipher in the example app is 'isladogs'
      This cipher can (and SHOULD) be changed in module modEncryption

2.   Added a new user form including various optional settings:
      a)   User access level (1/2/3) with default = 1 (standard user)
      b)   Password expiry (days) with default=0 (never expire)
      c)   Change own password (yes/no) with default=no

      For security, new users must enter their own password at first login

3.   The Login button remains disabled until the password has been validated
      The validation check includes:
      a)   Password expiry date (if any)
      b)   Users logged in on another computer – blocked for logging in again
      c)   Users still logged on current computer – the previous session is ended so that a new
            login is possible
      d)   When the password is changed, the new password cannot match the previous password

Further information is given in the various forms supplied with this utility

The supplied example app has 6 users so the system can be tested - see screenshot on the right
      a)   Billy is not active so won’t appear in the drop down list
      b)   Jill has no password set so you will be prompted to enter a password
      c)   Tommy has an expired password - you will be prompted to enter a new password
      d)   All other users (Delilah / Jack / Samson) can login normally



NOTE:
For strong and effective password security in a production database you should:
1.   Use a split database with an encrpted backend file containing all tables (including passwords)
2.   Store the RC4 cipher itself in a hidden table or class module, encrypted using a different system!
3.   Ensure users have no access to tables
4.   Insist on passwords of a minimum length such as 8 characters to include at least
      one of each of the following: capital letter, small letter & number, special character
5.   Insist that passwords are not written down or e.g. stuck to users' monitors!

A skilled and determined hacker could, given sufficient time, still eventually crack the passwords.
For that reason, it is far better not to store the passwords in the same database.

Instead, use a secure system such as active directory to manage user logins



Version History:>

v5.1 - 24/01/2019   - Fixed invalid use of null error at first login

v5.2 - 05/01/2020   - Fixed date errors in frmLogin causing errors 3075/3061 for some users

v5.3 - 17/02/2020   - Fixed further date error overlooked previously

v5.4 - 10/02/2021   - Removed 2 duplicate declarations from frmNewUser



Click to download:     Password Login v5.4     (zipped)



Colin Riddington           Mendip Data Systems                 Last Updated 10 Feb 2021

Return to Example Databases Page Return to Top