Better Password Input Mask? (1 Viewer)

[DeanFran]

I almost always create a login form, and have always just used the password input mask, and let users create whatever password they like, but I have often wondered how to create an improved password requirement, i.e. at least 4 lettesr, and 4 numbers or some such, but have never been able to figure out how to combine that with the asterisks of the standard password input mask. Is there a way to force the display formatting, and force users to conform to a certain password formula?

 

[gemma-the-husky]

when a user enters there password, you need a process that examines the string and validates it against your parameters.

ie - minimum/maximum length, etc.

I doubt if you can easily pattern match. I would think it's just a matter of brute force checking to count numeric/alphas/capitals/special chars etc.

It's only a few clock ticks, so any validation of this type will be virtually instant.

 

[plog]

1. Why do you need an input mask? Some guy across the street with a telegraphic lens stealing passwords a big issue with the sensitive data you store in Microsoft Access? Those stars are more a security tradition than a security feature.

2. Have you read up on password security? Capricious character requirements really aren't that more secure. Especially when I can walk around my office, lift keyboards and feel on the side of monitors and get a 50% hit rate on finding passwords.

3. Are you storing these passwords as plain text within Access itself? Or are you using a hashing function?

If actual security is important to you, I suggest you read up on best practices.