Login form with strong User Password Encryption

Bill Nelson
Bill Nelson used Ask the Experts™
I have been using a simple Logon form. The password is encrypted in the immediate window, and I then copy and paste that hash into the password field. This works in the attached database as far as matching is concerned.
There is no problem for me to create a "Welcome123" temporary password which I create and paste the hash for, but, I would prefer not to be involved in hashing their new password.

In other words, in the reset password form I would like to run a function that hashes their password and copies it into the t_Users Password as the newly hashed value...

Does anyone have a version they would be willing to share? With my limited knowledge I do not want to reinvent the wheel, and I would be more comfortable knowing this is something recommended from people that do understand a strong version vs a weak one.

My current Login database is attached if anyone would like to look. The encryption part is from a Steve Bishop video on You Tube and he cautions that it is very weak.
Watch Question

Do more with

Expert Office
EXPERT OFFICE® is a registered trademark of EXPERTS EXCHANGE®
Top Expert 2014

Is this Access application used in a corporate domain?  If so, use their login credentials.  If they are allowed to use your database, the fact that they have been authenticated by their domain server should be good enough for you.


Yes, it is used in a Not for profit. The computer ID and WindowsUser ID is also tracked in t_User_Logs.
I believe that the Login credentials are a far superior measure of strength, however, I would still like to also add the extra encrypted layer just to help me sleep at night, lol...
Fabrice LambertConsulting
Distinguished Expert 2017


Untested, but the folowing link should cover your needs:
Ensure you’re charging the right price for your IT

Do you wonder if your IT business is truly profitable or if you should raise your prices? Learn how to calculate your overhead burden using our free interactive tool and use it to determine the right price for your IT services. Start calculating Now!

Top Expert 2014

You can hash the allowed username values in the table.  Don't bother storing passwords.

If you feel like adding some strength, you can use a salt value, usually a GUID string.
Thank you, but  what you are suggesting is a bit beyond me...

I worked out how to setup a password reset form so that whatever they decide upon as their final password, it is encrypted without my knowledge... The database is attached. Select Warren Nelson, password is Welcome. The database is set for him to have a password reset.
I have provided the encrypted Welcome password in t_Users so they can login their first time.
Once they update their password on the Password change form, the password is encrypted and saved as a hidden textbox which is bound to t_Users.Password and so the encrypted password is stored there now.
Most Valuable Expert 2015
Distinguished Expert 2018

You are asking for advice and receive two valid proposals, yet you reject both, while you claim it to be "ridiculous" that no one has created a ready-boiled solution for you.

It is fair not to have the time, patience, or knowledge to work out solutions, but then you should open a task in Gigs and stop acting miffed when no one wishes to take on the full work for you.



I really did not mean to offend anyone with my comments, especially the help offered by Aikimark. In fact I am hoping that one day I will be able to learn and utilize what he has offered, but I am unable to get what he suggested working due to my inexperience.

However, I do stand by my feeling that something as universal as a Login form with encryption should be a standard item found on the internet.

When I do figure it out, I will post it for others like me to learn from. Personally, I usually need to see things in their executable form to see how they work.

So please accept my sincere apology, Aikimark, if I offended you in any way. I actually really appreciate your help and plan to return to your suggestion when I have more time.



The simplest solution for me at this time... I wish I could incorporate better encryption, but I am on a deadline for a work project and I have been at it all day combing through example after example and am frankly lost.
It just seems so ridiculous to me that the internet is not teeming with completed Login databases demonstrating all the different ways you can accomplish this....and I mean a complete working logon form that uses the best encryption possible... I guess most people do not struggle so much as I do when trying to figure this stuff out...but I keep plugging away and thanks to the many kind and knowledgeable people here at Expert's Exchange who actually attempt to help... wow I hope i will be able to repay that one day...but we will see if my laptop remains on the table and not flung against a wall......lol....

Do more with

Expert Office
Submit tech questions to Ask the Experts™ at any time to receive solutions, advice, and new ideas from leading industry professionals.

Start 7-Day Free Trial