Enforce Password Strength

Is there a way to enforce password strength in MS Access? I also need to set up a password expiration date. I already have a login system in place with a user change password form. Thank you!
Dana Timmerman Asked:

Dale Fye, Owner, Developing Solutions LLC, Commented:
You might want to search EE on "Regular Expressions" and "Password".

Here is one EE article which will help you.

DatabaseMX (Joe Anderson - Microsoft Access MVP), Database Architect / Systems Analyst, Commented:
No.  And because it's done via the UI, not seeing a way to do it by writing your own code either.
What version are you using?
<=A2003 only allowed 14 characters also ...
That has been removed I believe in >=A2007 ... and the password paradigm is much stronger than the useless scheme in <=A2003.
Dana Timmerman, Author, Commented:
Thank you!!!!

It is better to enforce the password strength with Windows/AD.  If you need to restrict to certain users, then retrieve the currently logged in user and compare against a table/list of valid users.
The solution Dale pointed you to will get you started on evaluating strength.  To enforce change, you need to keep a password history table with the date of the change.  Each time the user logs on, you see how long it has been since he last saved a new password and force him to change at the appropriate interval.  The reason for keeping history is because if you are bothering to do this, you want to prevent people from toggling from pswrdA to pswrdB so you have to make sure that they don't reuse a password within a specific time period or ever if that is your business rule.
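
The logon-time expiration check described above, as an added example that is not part of the original thread. The table name tblPasswordHistory, the function name and the 90-day default are assumptions; the UserName and ChangedDate fields are the ones mentioned elsewhere on this page.

```vba
Option Compare Database
Option Explicit

' Assumed schema (hypothetical table name): tblPasswordHistory with
' UserName (Short Text) and ChangedDate (Date/Time), one row per password change.

' Returns True when the user must choose a new password before continuing.
Public Function PasswordExpired(ByVal strUser As String, _
                                Optional ByVal lngMaxAgeDays As Long = 90) As Boolean
    Dim varLast As Variant
    Dim strCriteria As String

    ' Double any single quote so the user name cannot break out of the criteria string.
    strCriteria = "UserName = '" & Replace(strUser, "'", "''") & "'"

    ' Most recent change on record; Null when the user has no history rows.
    varLast = DMax("ChangedDate", "tblPasswordHistory", strCriteria)

    If IsNull(varLast) Then
        PasswordExpired = True      ' no recorded change: force one
    Else
        PasswordExpired = (DateDiff("d", varLast, Date) >= lngMaxAgeDays)
    End If
End Function
```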
DatabaseMX (Joe Anderson - Microsoft Access MVP), Database Architect / Systems Analyst, Commented:
My assumption was you are talking about the Access Database Password as opposed to rolling your own password form etc. Is that correct?
If so ... you really don't have any control over Strength ...

Dana Timmerman, Author, Commented:
No, I am rolling out my own password form, etc. I am just working on password strength requirements. I also have the Login set to only allow 3 attempts with a wrong password. However, I am still trying to figure out how to then completely lock them out of the database if they have 3 failed attempts. What fields should I have in the table? I am fairly new to Access/VBA, but I am catching on. Oh and I am using Access 2010. Thank you!!!
DatabaseMX (Joe Anderson - Microsoft Access MVP), Database Architect / Systems Analyst, Commented:
How will you lock them out of the Back End accdb?
Dana Timmerman, Author, Commented:
I was intending on splitting the database into 2 and then saving the front end as ACCDE. I also shut off the ribbon, the navigation pane, and disabled the shift bypass key. I then have this login form with multiple users that uses different usertypes. This is my first database, so I know it's not perfect, but it is functioning so far. I could post the login form code that I have?

I just created a Password History table with a field for ChangedDate, UserName, and Attempts. I am still green with VBA, but I think I can do this without creating a new query, right?

All of you have been extremely helpful by the way. I appreciate it big time!
Jim Dettman (Microsoft MVP/ EE MVE), President / Owner, Commented:
<<No, I am rolling out my own password form, etc. I am just working on password strength requirements.>>

 That's what I thought you meant when you asked your question.  Take a look at the LEN() function.  You can use that, and then do a loop based on that to look at each character of a password using MID().  Use InStr() to determine what the character is, then set a flag saying they have the uppercase, lowercase, numeric, or special character in the string. i.e.

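 ' Binary compare keeps the match case-sensitive; the double quote inside the string is doubled
 intRet = InStr(1, "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz1234567890!@#$%^&*(){}[]:;""'<>,.", Mid(strPassword, x, 1), vbBinaryCompare)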

 If intRet = 0, they typed something you didn't allow.  > 0 then you can tell what it falls into (Uppercase, Lowercase, number, or special character).

 If you insist on a minimum length, at least one special character, and upper/lower case characters, then you've got it covered.

 You can even label based on the flags; lowercase letters only "Weak", letters and numbers "Poor", letters both upper and lowercase along with a number "Good", and if they have everything "Strong".

That should give you enough to get started.

There are numerous ways to approach this though and this is only one way.  Simple and straightforward though.
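
One way to put the Len/Mid/InStr approach above into a single function, as an added example that is not code from the thread. The function name, the 8-character minimum and the "Invalid" and "Too short" results are assumptions; the four strength labels follow the ones suggested above.

```vba
Option Compare Database
Option Explicit

' Character classes allowed in a password; anything else is rejected.
Private Const UPPER_CHARS As String = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
Private Const LOWER_CHARS As String = "abcdefghijklmnopqrstuvwxyz"
Private Const DIGIT_CHARS As String = "1234567890"
Private Const SPECIAL_CHARS As String = "!@#$%^&*(){}[]:;""'<>,."
Private Const MIN_LENGTH As Long = 8   ' assumed minimum, not from the thread

' Returns "Invalid", "Too short", "Weak", "Poor", "Good" or "Strong".
Public Function PasswordStrength(ByVal strPassword As String) As String
    Dim x As Long, strChar As String
    Dim blnUpper As Boolean, blnLower As Boolean
    Dim blnDigit As Boolean, blnSpecial As Boolean

    For x = 1 To Len(strPassword)
        strChar = Mid(strPassword, x, 1)
        ' vbBinaryCompare keeps the test case-sensitive even under Option Compare Database.
        If InStr(1, UPPER_CHARS, strChar, vbBinaryCompare) > 0 Then
            blnUpper = True
        ElseIf InStr(1, LOWER_CHARS, strChar, vbBinaryCompare) > 0 Then
            blnLower = True
        ElseIf InStr(1, DIGIT_CHARS, strChar, vbBinaryCompare) > 0 Then
            blnDigit = True
        ElseIf InStr(1, SPECIAL_CHARS, strChar, vbBinaryCompare) > 0 Then
            blnSpecial = True
        Else
            PasswordStrength = "Invalid"    ' character outside the allowed set
            Exit Function
        End If
    Next x

    If Len(strPassword) < MIN_LENGTH Then
        PasswordStrength = "Too short"
    ElseIf blnUpper And blnLower And blnDigit And blnSpecial Then
        PasswordStrength = "Strong"
    ElseIf blnUpper And blnLower And blnDigit Then
        PasswordStrength = "Good"
    ElseIf (blnUpper Or blnLower) And blnDigit Then
        PasswordStrength = "Poor"
    Else
        PasswordStrength = "Weak"
    End If
End Function
```

Call it from the change-password form before saving the new value and refuse anything below the rating your policy requires.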


Dana Timmerman, Author, Commented:
Thank you!!!!!!!!!!!!!!!!!!