Login form with strong User Password Encryption

I have been using a simple Logon form. The password is encrypted in the immediate window, and I then copy and paste that hash into the password field. This works in the attached database as far as matching is concerned.
There is no problem for me to create a "Welcome123" temporary password which I create and paste the hash for, but I would prefer not to be involved in hashing their new password.

In other words, in the reset password form I would like to run a function that hashes their password and copies it into the t_Users Password as the newly hashed value...

Does anyone have a version they would be willing to share? With my limited knowledge I do not want to reinvent the wheel, and I would be more comfortable knowing this is something recommended from people that do understand a strong version vs a weak one.

My current Login database is attached if anyone would like to look. The encryption part is from a Steve Bishop video on YouTube and he cautions that it is very weak.
Logon-Master-Encryption-v-1.zip
Bill Nelson Asked:
Bill Nelson (Author) Commented:
Thank you, but what you are suggesting is a bit beyond me...

I worked out how to set up a password reset form so that whatever they decide upon as their final password, it is encrypted without my knowledge... The database is attached. Select Warren Nelson, password is Welcome. The database is set for him to have a password reset.
I have provided the encrypted Welcome password in t_Users so they can login their first time.
Once they update their password on the Password change form, the password is encrypted and saved as a hidden textbox which is bound to t_Users.Password and so the encrypted password is stored there now.
Logon-Master-Encryption-v-2.zip
0
 
aikimark Commented:
Is this Access application used in a corporate domain? If so, use their login credentials. If they are allowed to use your database, the fact that they have been authenticated by their domain server should be good enough for you.
0
 
Bill Nelson (Author) Commented:
Yes, it is used in a Not for profit. The computer ID and WindowsUser ID are also tracked in t_User_Logs.
I believe that the Login credentials are a far superior measure of strength, however, I would still like to also add the extra encrypted layer just to help me sleep at night, lol...
0
Fabrice Lambert Commented:
Hi,

Untested, but the following link should cover your needs:
https://en.wikibooks.org/wiki/Visual_Basic_for_Applications/String_Hashing_in_VBA
0
 
aikimark Commented:
You can hash the allowed username values in the table. Don't bother storing passwords.

If you feel like adding some strength, you can use a salt value, usually a GUID string.
0
 
Gustav Brock (CIO) Commented:
This expert suggested creating a Gigs project.
You are asking for advice and receive two valid proposals, yet you reject both, while you claim it to be "ridiculous" that no one has created a ready-boiled solution for you.

It is fair not to have the time, patience, or knowledge to work out solutions, but then you should open a task in Gigs and stop acting miffed when no one wishes to take on the full work for you.

/gustav
0
 
Bill Nelson (Author) Commented:
I really did not mean to offend anyone with my comments, especially the help offered by Aikimark. In fact I am hoping that one day I will be able to learn and utilize what he has offered, but I am unable to get what he suggested working due to my inexperience.

However, I do stand by my feeling that something as universal as a Login form with encryption should be a standard item found on the internet.

When I do figure it out, I will post it for others like me to learn from. Personally, I usually need to see things in their executable form to see how they work.

So please accept my sincere apology, Aikimark, if I offended you in any way. I actually really appreciate your help and plan to return to your suggestion when I have more time.

Bill
0
 
Bill Nelson (Author) Commented:
The simplest solution for me at this time... I wish I could incorporate better encryption, but I am on a deadline for a work project and I have been at it all day combing through example after example and am frankly lost.
It just seems so ridiculous to me that the internet is not teeming with completed Login databases demonstrating all the different ways you can accomplish this... and I mean a complete working logon form that uses the best encryption possible... I guess most people do not struggle so much as I do when trying to figure this stuff out... but I keep plugging away and thanks to the many kind and knowledgeable people here at Experts Exchange who actually attempt to help... wow I hope I will be able to repay that one day... but we will see if my laptop remains on the table and not flung against a wall... lol...
0
Question has a verified solution.
