Login form with strong User Password Encryption

I have been using a simple Logon form. The password is encrypted in the immediate window, and I then copy and paste that hash into the password field. This works in the attached database as far as matching is concerned.
There is no problem for me to create a "Welcome123" temporary password which I create and paste the hash for, but, I would prefer not to be involved in hashing their new password.

In other words, in the reset password form I would like to run a function that hashes their password and copies it into the t_Users Password as the newly hashed value...

Does anyone have a version they would be willing to share? With my limited knowledge I do not want to reinvent the wheel, and I would be more comfortable knowing this is something recommended from people that do understand a strong version vs a weak one.

My current Login database is attached if anyone would like to look. The encryption part is from a Steve Bishop video on You Tube and he cautions that it is very weak.
Logon-Master-Encryption-v-1.zip
Bill NelsonITAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

aikimarkCommented:
Is this Access application used in a corporate domain?  If so, use their login credentials.  If they are allowed to use your database, the fact that they have been authenticated by their domain server should be good enough for you.
0
Bill NelsonITAuthor Commented:
Yes, it is used in a Not for profit. The computer ID and WindowsUser ID is also tracked in t_User_Logs.
I believe that the Login credentials are a far superior measure of strength, however, I would still like to also add the extra encrypted layer just to help me sleep at night, lol...
0
Fabrice LambertFabrice LambertCommented:
Hi,

Untested, but the folowing link should cover your needs:
https://en.wikibooks.org/wiki/Visual_Basic_for_Applications/String_Hashing_in_VBA
0
10 Tips to Protect Your Business from Ransomware

Did you know that ransomware is the most widespread, destructive malware in the world today? It accounts for 39% of all security breaches, with ransomware gangsters projected to make $11.5B in profits from online extortion by 2019.

aikimarkCommented:
You can hash the allowed username values in the table.  Don't bother storing passwords.

If you feel like adding some strength, you can use a salt value, usually a GUID string.
0
Bill NelsonITAuthor Commented:
Thank you, but  what you are suggesting is a bit beyond me...

I worked out how to setup a password reset form so that whatever they decide upon as their final password, it is encrypted without my knowledge... The database is attached. Select Warren Nelson, password is Welcome. The database is set for him to have a password reset.
I have provided the encrypted Welcome password in t_Users so they can login their first time.
Once they update their password on the Password change form, the password is encrypted and saved as a hidden textbox which is bound to t_Users.Password and so the encrypted password is stored there now.
Logon-Master-Encryption-v-2.zip
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Gustav BrockCIOCommented:
This expert suggested creating a Gigs project.
You are asking for advice and receive two valid proposals, yet you reject both, while you claim it to be "ridiculous" that no one has created a ready-boiled solution for you.

It is fair not to have the time, patience, or knowledge to work out solutions, but then you should open a task in Gigs and stop acting miffed when no one wishes to take on the full work for you.

/gustav
0
Bill NelsonITAuthor Commented:
I really did not mean to offend anyone with my comments, especially the help offered by Aikimark. In fact I am hoping that one day I will be able to learn and utilize what he has offered, but I am unable to get what he suggested working due to my inexperience.

However, I do stand by my feeling that something as universal as a Login form with encryption should be a standard item found on the internet.

When I do figure it out, I will post it for others like me to learn from. Personally, I usually need to see things in their executable form to see how they work.

So please accept my sincere apology, Aikimark, if I offended you in any way. I actually really appreciate your help and plan to return to your suggestion when I have more time.

Bill
0
Bill NelsonITAuthor Commented:
The simplest solution for me at this time... I wish I could incorporate better encryption, but I am on a deadline for a work project and I have been at it all day combing through example after example and am frankly lost.
It just seems so ridiculous to me that the internet is not teeming with completed Login databases demonstrating all the different ways you can accomplish this....and I mean a complete working logon form that uses the best encryption possible... I guess most people do not struggle so much as I do when trying to figure this stuff out...but I keep plugging away and thanks to the many kind and knowledgeable people here at Expert's Exchange who actually attempt to help... wow I hope i will be able to repay that one day...but we will see if my laptop remains on the table and not flung against a wall......lol....
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Encryption

From novice to tech pro — start learning today.