Example Apps for Businesses, Schools & Developers

Version 5.6       Approx 0.8 MB               First Published 21 Nov 2018               Last Updated 6 May 2023

This is an updated version of another old utility written by David Crake which was originally posted as a sample database at Access World Forums.

I have updated it following a request by MarcusGR in this thread at Access World Forums

The utility has been converted to ACCDB format and the code modified so it will work in any version of Access from 2007 onwards (32-bit or 64-bit).

Other changes made in this latest version include:
1.   The original MDB version used a weak form of XOR encoding for user passwords - very insecure.
      This version uses 128-bit RC4 encryption for much stronger protection of passwords.

      The password cipher in the example app is 'isladogs'
      This cipher can (and SHOULD) be changed in module modEncryption

2.   Added a new user form including various optional settings:
      a)   User access level (1/2/3) with default = 1 (standard user)
      b)   Password expiry (days) with default=0 (never expire)
      c)   Change own password (yes/no) with default=no

      For security, new users must enter their own password at first login

3.   The Login button remains disabled until the password has been validated

      The validation check includes:
      a)   Password expiry date (if any)
      b)   Users logged in on another computer – blocked from logging in again
      c)   Users still logged on current computer – the previous session is ended so that a new login is possible
      d)   The password check is now case sensitive (added version 5.6)
      e)   When the password is changed, the new password cannot match the previous password. Change of case isn't allowed here.

Further information about the app is given in the various forms supplied with this utility

The session log form (for system admins only) shows a list of currently logged in users:


The supplied example app has 6 users so the system can be tested:

      a)   Billy is not active so won’t appear in the drop down list
      b)   Jill has no password set so you will be prompted to enter a password
      c)   Tommy has an expired password - you will be prompted to enter a new password
      d)   All other users (Delilah / Jack / Samson) can login normally


For strong and effective password security in a production database you should:
1.   Use a split database with an encrpted backend file containing all tables (including passwords)
2.   Store the RC4 cipher itself in a hidden table or class module, encrypted using a different system!
3.   Ensure users have no access to tables
4.   Insist on passwords of a minimum length such as 8 characters to include at least
      one of each of the following: capital letter, small letter & number, special character
5.   Insist that passwords are not written down or e.g. stuck to users' monitors!

A skilled and determined hacker could, given sufficient time, still eventually crack the passwords.
For that reason, it is far better not to store the passwords in the same database.

Instead, use a secure system such as active directory to manage user logins

Version History:

v5.1 - 24/01/2019   - Fixed invalid use of null error at first login

v5.2 - 05/01/2020   - Fixed date errors in frmLogin causing errors 3075/3061 for some users

v5.3 - 17/02/2020   - Fixed further date error overlooked previously

v5.4 - 10/02/2021   - Removed 2 duplicate declarations from frmNewUser

v5.5 - 24/04/2023   - Fixed issue for non-English language users. Replaced boolean field for ChangePWD to a byte integer field. Tested in Spanish & English.
                                    Thanks to Pedro Moreno Rodriguez for alerting me to the issue

v5.6 - 06/05/2023   - Password validation check is now case sensitive
                                    For more details, see my article Case Sensitive Password Validation


Click to download:     Password Login v5.6     (zipped)


Please use the contact form below to let me know whether you found this article interesting/useful or if you have any questions/comments.

Also, do let me know if you find any bugs in the application.

Please also consider making a donation towards the costs of maintaining this website. Thank you

Colin Riddington           Mendip Data Systems                 Last Updated 6 May 2023

Return to Example Databases Page

Return to Top