Code Samples for Businesses, Schools & Developers

First Published 7 May 2023

This article was prompted when I was approached by the author of a thread at AccessForums.net: Access login to be case sensitive


By default, Access is case insensitive
That means comparing e.g."mypassword" with "MyPaSsWorD" returns True although they are clearly different.
This is useless when running password validation checks

When you need to do a case sensitive check, use the StrComp function with the binary comparison option

Syntax: StrComp(string1, string2, vbBinaryCompare)

For example: StrComp(EnteredPasswordString, StoredPasswordString, vbBinaryCompare)

The output will be -1, 0 , 1 or Null depending on the two string values.
Output = 0 means both strings are IDENTICAL including the case of each character and passes the validation check.
Any other output indicates differences so the check should fail

For more details, see the Microsoft Help article on the StrComp function

However, there is a better approach with an important additional step that will also make your passwords more secure

Passwords should NEVER be stored unencrypted in a database.
If anyone gains access to user passwords, you will have major data protection issues. Don't risk it!

Ideally, check usernames and passwords against the active directorywhich is designed to be secure. If so, a login form is NOT normally needed.

However, if you do want to utilise a login system, encrypt the passwords with a suitable encryption method such as SHA or RC4.
See my example database:
Password Login with Session Login Information which uses RC4 encryption.

To do this, each password is stored encrypted using the function RC4(PasswordString, RC4_Key) where RC4_Key is the encryption string.

This also has the benefit of giving different results depending on the case used for each character in the string. For example:

4 variations of the password 'OpenSesame' encrypted using RC4 with the encryption key 'isladogs'

?RC4("opensesame", "isladogs")
ÌÂ~—KkÙ±

?RC4("OpenSesamE", "isladogs")
ìÂ~·KkÙ‘

?RC4("OPENSESAME", "isladogs")
ì0â^·kKù.‘

?RC4("oPeNsEsAmE", "isladogs")
Ì0Â^—kkù‘


If you look carefully, all of these are subtly different
Then your password check process should do a binary comparison of theencrypted version of the entered password with the stored password.

The following code is a simplified version of the password validationcheck in my Password Login example database.

CODE:

Dim Attempts As Integer

'Check if encrypted version of entered password matches encrypted stored password

'use StrComp to do case sensitive password check
'output = 0 means both values are identical. Outputs of 1, -1 or Null all fail test

'Allow 3 attempts to enter correct password

If StrComp(Me.txtPWD, strPassword, vbBinaryCompare) <> 0 Then
      Attempts = Attempts + 1

      Select Case Attempts

      Case 1
           FormattedMsgBox "Invalid Password " & _
            "@NOTE: Passwords are case sensitive. Please try again @", vbInformation + vbOKOnly, "Password Error"

            Me.txtPWD = ""

      Case 2
            FormattedMsgBox "You have entered an incorrect password TWICE " & _
            "@You have ONE more attempt left @", vbExclamation + vbOKOnly, "Password Error"

            Me.txtPWD = ""

      Case 3
            FormattedMsgBox "You have entered an incorrect password THREE times " & _
            "@The application will now close @", vbCritical + vbOKOnly, "Password entry failed"
            Application.Quit
            Exit Sub
      End Select

Else
      'password matched - enable login button
      CmdLogin.Enabled = True
End If



NOTE:
The RC4 function code is supplied with the Password Login example database.

It is also an integral part of my Encrypted Split No Strings security challenge article elsewhere on this website.



Feedback

Please use the contact form below to let me know whether you found this article interesting/useful or if you have any questions/comments.

Please also consider making a donation towards the costs of maintaining this website. Thank you



Colin Riddington           Mendip Data Systems                 Last Updated 7 May 2023



Return to Code Samples Page




Return to Top