Force Change PW 3
By Richard Rost
3 years ago
Enforce Regular Password Updates in Access, Part 3
This is Part 3. In this Microsoft Access tutorial, discover how to enhance database security by enforcing periodic password changes, ensuring users update their credentials every 30 or 90 days. A must-watch for maintaining robust user-level security protocols.
Members
Members will learn how to force the user to create strong passwords. The password must have a minimum of four characters and a maximum of 20. It should include at least one lowercase and one uppercase character, a number, and a special character (e.g., an exclamation point). Additionally, we will create an eyeball button that allows the user to view the password and disable the input mask, which hides the characters as stars.
Silver Members and up get access to view Extended Cut videos, when available. Gold Members can download the files from class plus get access to the Code Vault. If you're not a member, Join Today!
Prerequisites
Recommended Courses
Keywords
TechHelp Access
Intro In this video, I will show you how to finish setting up a system to force users to change their passwords in Microsoft Access. We'll cover best practices for saving and closing forms, handling password mismatches, managing user experience with SetFocus, and tracking password changes in your tables. I will also demonstrate how to add new users to your system and review the entire password change workflow. This is part 3.Transcript Welcome to another TechHelp video brought to you by AccessLearningZone.com. I'm your instructor, Richard Rost.
Welcome to part three, the final part of my Force Change Password series. Of course, if you haven't watched parts one and two, go watch those first. You will find links down below.
We now join the program. Now we can continue.
On to Disneyland... I'm just kidding. Then you go to the main menu.
DoCmd.OpenForm "MainMenuF" and then DoCmd.Close acForm.
Let's just do: , acSaveYes. You could put acForm, Me.Name, acSaveYes, but those are the default current object.
acSaveYes is for you, the developer, so you don't accidentally close the form without saving it. If you put acSaveNo in there, your end users can't save it because they're working with an ACCDE file and they can't save design changes.
If they want to debug and compile, I think we're just about good here. Let's test it. I'm going to close the database and open it up.
Username: Richard. Let me put the wrong password in. Incorrect password. Closes down - perfect.
You can give people three attempts if you want to. I just close the database. It makes it harder for them. They have to come back in. I think my password before was 599CD.
Passwords more than 30 days old, please change it. You can slide this over if you want it in a different spot, but it doesn't matter.
So, Password1. I'm going to go "abcd", all lowercase. Let's go "abcde". Don't match.
This, you can give them as many tries as they want, really. Maybe for this you might want to drop the focus back on Password2. That's definitely an option. I'm going to click on this button to bring the code editor back.
Let's go back to the other form.
Actually, no, it's right here in front of me. I don't want to have to put in here, you know, Exit Sub, Exit Sub. I don't have to put in conditions for all that, so what I'm going to do is, just right before this stuff executes, I'm going to say Password2.SetFocus.
Because then it's either going to Exit the form, Exit the form, Exit the form, or Update and exit the form - you're not going to care. So it's either going to do the update and leave or it's just going to exit and put you back on Password2.
That avoids having to put a whole bunch of If...Then clauses with other stuff in here or multiple copies of Password2.SetFocus.
Back in here, I got stuff that's not right. Enter password, don't match. I'm sitting right back on Password2 - see how easy it is? It's all about the user experience. Make it easy for them.
Let's leave one of them blank. Update: Password2 missing. Let's put abcd, but all caps. Let's see if that upper/lowercase thing matters. There we go. See, I typed in all uppercase, and now let's do it right: abcd, Enter. And I don't have any errors.
Okay, this is a mistake. This is a Rick mistake. I'm leaving it in the video to teach you what I just did.
Remember over here, I was being cheesy, right here, and I said Close, and normally this is the object that you're working in. The defaults are the current form, and it gives the name of the form - that's the default.
But can anyone see the problem here? Watch what happens if I click Update. Do you see it? The main menu is flashing and then closing immediately because I messed up.
Like I always do, I'm leaving my mess-ups in the code in the video so you can see it and learn from it. Once you open another form, that is now the current form.
So what I was initially going to do I have to do here, and there's a reason why that code is in my outline that I made - because you need it.
So, acForm, and if you want to see all the intellisense within here, do "Close acForm," you could put the object's name in here, or just Me.Name. Yes, this will get the name of the form that you're working with, it won't get the current one that's open, and then again acSaveYes.
Now save it. This is the correct code. I was trying to cut corners before, I thought that would work in Ready, and go - there's your main menu.
The other form is closed in the background.
If you check your table, there you go: abcd, and the date has been updated.
Not that hard. Easy enough to do. If you want to add a new user, of course, you, the admin, can make your own little admin form. If I put a username of Kirk in here, give him a password of 123, don't leave a date in there, close it down.
Kirk logs in. Username: Kirk, password: 123. Got it. Change password. What do you want? 1701, 1701, Enter, and it's good. Check the table, and there's my new password.
Everybody good? We're happy, we're done.
Like I said before, if you want to do a little more with this stuff, in the extended cut we're going to do strong passwords: 12 to 20 characters, a lower and uppercase, a digit, a special character, and a little button you can click on to see your password.
You've seen these on websites before - you want to be able to see what this is to make sure you typed that in right. You click the little button here: peekaboo.
That is covered in the extended cut for the members. Silver members and up get access to all of my extended cut videos, and gold members can download these databases and have access to the code vault.
As I mentioned in the User Level Security video, the tips I show you in that video are good enough for most office environments. But if you really want to secure and lock down your database, I recommend my Security Seminar. I go through many more techniques for locking down your Access database as well as can be. Is it perfect? No. Access really can't be. It's just as secure as you can make Access.
If you want true, real security, you need a database server like SQL Server.
At least in this seminar, I show you how to make it as secure as possible, and even the techniques that I show you in this seminar are good for if you are using SQL Server. This stuff will help you lock down your front end, so check it out. There's a link down below.
If you enjoy learning with me and you want more training in VBA and stuff like that, check out my Developer Lessons. I've got 40 some levels. Each level is at least an hour, so it's like, I don't know, I haven't added it up lately, it's like 70-80 hours of training. Check it out - there's a link.
Of course, no database would be complete without quality SQL behind it, like I just showed you in today's class. I have a three-part SQL seminar that teaches you everything you need to know. Even if you just take parts one and two, that's mostly select queries and then action queries in addition to union queries. Part three is all about modifying the structure of a database with SQL.
So that's all cool too, but check it out if you want to learn more - link down below.
There you go - there's your TechHelp video for today. I hope you learned something. Members, I'll see you in the extended cut.
Live long and prosper, my friends. I'll see you next time.Quiz Q1. What is the purpose of using acSaveYes when closing a form in Access?
A. To ensure any design changes made to the form are saved.
B. To reset all form data to default values.
C. To prevent users from saving any data at all.
D. To force Access to ignore any changes made.
Q2. Why can end users NOT save design changes in ACCDE files?
A. ACCDE files are read-only and only allow data entry.
B. ACCDE files restrict users from saving design changes for security and stability.
C. ACCDE files automatically save all changes without prompting.
D. ACCDE files require administrator passwords to save changes.
Q3. When the user tries to change their password and enters the two new passwords but they do NOT match, what should the program do for better user experience?
A. Automatically generate a new password for them.
B. Drop the focus back on Password2 for the user to try again.
C. Lock the account after three attempts.
D. Submit the password anyway.
Q4. When closing a form after opening another form with DoCmd.OpenForm, what mistake did Richard make in his code?
A. He tried to close the main menu form instead of the current form.
B. He used acSaveNo instead of acSaveYes.
C. He referenced the wrong form as the current form, causing the main menu to close unintentionally.
D. He forgot to save the underlying table.
Q5. What would be a recommended way to close the correct form after another form is opened?
A. Use DoCmd.Close without specifying any objects.
B. Use DoCmd.Close acForm, Me.Name, acSaveYes to specify the current form being worked on.
C. Use DoCmd.Close acTable, [TableName].
D. Use the Close button on the Access window only.
Q6. In this password system, what happens when a password is more than 30 days old?
A. The user is forced to log out automatically.
B. The system requests the user to change their password.
C. The user's account is deleted from the database.
D. The user can continue to use the old password indefinitely.
Q7. According to the video, what is a benefit of allowing multiple tries or focusing back to Password2 when passwords do not match?
A. It helps memorize passwords better.
B. It makes the user experience smoother and less frustrating.
C. It increases the risk of security breaches.
D. It reduces password complexity.
Q8. How does the video suggest handling passwords for better security in the extended cut?
A. Only numeric passwords are allowed.
B. Require passwords to be 12 to 20 characters, include uppercase, lowercase, digit, and special character.
C. Accept passwords that do not match for the first three attempts.
D. Allow users to leave their passwords blank for convenience.
Q9. What technique is suggested for letting users verify what they have typed into a password field?
A. Display the password on a separate label.
B. Provide a 'peekaboo' button to show the password as plain text.
C. Email the password back to the user for confirmation.
D. Print the password on the main menu.
Q10. Why is SQL Server recommended if you want real database security, according to the video?
A. Access databases are already as secure as possible.
B. SQL Server provides features to truly secure and lock down a database beyond what Access can do.
C. Access cannot handle passwords of more than 12 characters.
D. SQL Server is easier for beginners to use.
Q11. What additional benefits do Silver and Gold members get according to the video?
A. Ability to access basic code samples only.
B. Access to extended cut videos, downloadable databases, and the code vault.
C. Free Access licenses for all users.
D. Automated password reset tools.
Q12. What type of queries are mostly taught in parts one and two of the three-part SQL seminar?
A. Only action queries.
B. Select queries and action queries, as well as union queries.
C. Make-table queries only.
D. Only queries for importing data from Excel.
Answers: 1-A; 2-B; 3-B; 4-C; 5-B; 6-B; 7-B; 8-B; 9-B; 10-B; 11-B; 12-B.
DISCLAIMER: Quiz questions are AI generated. If you find any that are wrong, don't make sense, or aren't related to the video topic at hand, then please post a comment and let me know. Thanks.Summary Today's TechHelp tutorial from Access Learning Zone covers the third and final part of my Force Change Password series. If you haven't yet seen parts one and two, I recommend checking those out first to get up to speed.
In this lesson, I wrap up the process we've been building. Once the password requirements are met and the user submits the form, the application will proceed to open the main menu. The underlying code includes instructions to save and close the password change form. Specifically, the acSaveYes argument helps ensure developers never accidentally lose changes when closing a form. Even though end users running an ACCDE file can't save design changes, it's still good practice to keep this in for your own protection while developing.
To test everything, I closed and reopened the database. When attempting to log in with the wrong password, the application immediately shut down, which is the desired behavior if you want to limit unauthorized attempts. I prefer closing the database after one failed try, but you could allow users up to three attempts if you wish.
When users are prompted to change their password because it's more than 30 days old, they are taken to the password change form. The position of this form is purely cosmetic and can be moved as you see fit. During the password change process, if the two password entries do not match, the form remains open, and users can keep trying until they get it right. For improved usability, I recommend setting the focus back to the second password entry box any time the confirmation fails. This way, users can quickly re-enter the correct value without unnecessary clicks.
I also intentionally left in a mistake to highlight a common pitfall in code. If you use the default closing method, Access assumes you want to close the current form. However, if you've opened a new form, such as the main menu, that now becomes the current object. As a result, the main menu may close immediately after opening if you're not careful with how you specify which form to close. To avoid this, be explicit in your code and reference the form you actually want to close by name, or use Me.Name to refer to the currently running form.
With these changes made, the process works as intended: the user changes their password, the password is updated in the table along with the date, and the forms behave as expected. If you need to add a new user, you as the admin can create a dedicated admin form. After adding a new user, that user can log in and will be prompted to change their password, updating their account just like everyone else.
If you're interested in further enhancements, in today's Extended Cut we will cover enforcing strong passwords. This means requiring passwords of 12 to 20 characters that must include both upper and lowercase letters, at least one digit, and a special character. I'll also show you how to add a button to show or hide the password input, something you've probably seen on many websites.
All of these advanced topics are covered for members in the Extended Cut. Silver members and above can watch these videos, and Gold members have the added benefit of downloading the databases and accessing the code vault.
As I've mentioned before in my User Level Security video, the techniques I've shown so far will work well for most office environments. For more robust security, I suggest checking out my Security Seminar. It presents additional strategies for securing and locking down your Access databases, as much as Access allows. Of course, if you need true enterprise-level security, a database server like SQL Server is your best option, but my seminar will help you make your Access front end as secure as possible.
If you're interested in diving deeper into VBA or database development, be sure to check out my Developer Lessons series. There are over 40 levels, each with at least an hour of content, so you'll find plenty of material to strengthen your skills. And for anyone looking to master SQL, I offer a comprehensive three-part seminar covering everything from select queries, action queries, and union queries, to modifying database structure using SQL.
I hope this guide helped clarify the process of forcing password changes in your Access databases. For complete step-by-step instructions, including everything we covered here, visit my website at the link below.
Live long and prosper, my friends.Topic List Opening and closing forms using DoCmd.OpenForm and DoCmd.Close
Understanding and using acSaveYes when closing forms
Testing password entry and handling incorrect passwords
Automatically closing the database on failed login
Forcing user to change password after 30 days
Handling password mismatches during change
Using Password2.SetFocus for user-friendly error correction
Validating blank password fields during password change
Demonstrating case sensitivity in password entry
Correctly specifying which form to close in VBA
Updating user passwords and change date in a table
Manually adding a new user to the users table
Logging in as a new user and prompting for password change |
