Make Passwords Case Sensative - StrComp()

[Snowflake68]

Hi I have the following line of code that checks a password in a table which on the face of it works however it is not case sensitive and I have been trying to find information online and it would appear to use the StrComp function which would then make it case sensitive but I dont know how to apply it to my code or suggest another method.

If Me.txtPassword.Value = DLookup("EmpPassword", "tblEmployees", "[EmpID]=" & Me.cboEmployee.Value) Then

Hope someone can help a damsel in distress yet again. :banghead:

Many thanks

 

[moke123]

heres a link on strComp()https://www.techonthenet.com/access/functions/string/strcomp.php

you would want to use vbBinaryCompare for a case sensitive comparison

 

[missinglinq]

For a Form used for login only, the easiest way to do this would probably be, in the code window, at the top, replace

Option Compare Database

with

Option Compare Binary

Now, for that Form, all comparisons will be Case Sensitive.

Linq ;0)>

 

[mloucel]

For a Form used for login only, the easiest way to do this would probably be, in the code window, at the top, replace

Option Compare Database

with

Option Compare Binary

Now, for that Form, all comparisons will be Case Sensitive.

Linq ;0)>

So Simple yet so powerful...

 

[Isaac]

So Simple yet so powerful...

I really wouldn't recommend missing link's suggestion.
- You forgetting you put that at the top of a module and thus messing up all the rest of the code in the module later on
...is much more likely than
- You being happy you solved a problem of a single line of code by doing so

Use strcomp.

 

[Uncle Gizmo]

This thread brought back memories! I added a password protected login form to the first database I ever built in MS Access. I wanted the password to be case sensitive as well! I ended up paying a guy from India about £50 for a single line of code!

 

[mloucel]

This thread brought back memories! I added a password protected login form to the first database I ever built in MS Access. I wanted the password to be case sensitive as well! I ended up paying a guy from India about £50 for a single line of code!

Now Share that Line of code

 

[mloucel]

I really wouldn't recommend missing link's suggestion.
- You forgetting you put that at the top of a module and thus messing up all the rest of the code in the module later on
...is much more likely than
- You being happy you solved a problem of a single line of code by doing so

Use strcomp.

Reconsidering..

 

[Pat Hartman]

Access is inherently insecure so trying to get a strong password, isn't going to do very much. Who are you trying to secure the db from? You need to add some security simply to avoid accidents by fat-fingered users. But don't make yourself crazy over it.

If you really want to do this, write your own function that loops character by character through the password and matches it to the stored password by its ASCII value. The ASCII values for upper and lower case letters are different. I don't have any code but it doesn't sound like it would be too hard.

 

[CJ_London]

A bit more secure would be to hash the password and store the hashed value

When a user tries to enter a password, hash that and compare with the stored hash value.

Benefit is you are not storing the actual password which can easily be discovered by anyone with a small amount of experience with access

 

[mloucel]

Access is inherently insecure so trying to get a strong password, isn't going to do very much. Who are you trying to secure the db from? You need to add some security simply to avoid accidents by fat-fingered users. But don't make yourself crazy over it.

If you really want to do this, write your own function that loops character by character through the password and matches it to the stored password by its ASCII value. The ASCII values for upper and lower case letters are different. I don't have any code but it doesn't sound like it would be too hard.

That would be awesome, but my knowledge is WAYYYY too little to even try, I know about the ASCII code, but is for now, something that I can do in the future.

 

[mloucel]

A bit more secure would be to hash the password and store the hashed value

When a user tries to enter a password, hash that and compare with the stored hash value.

Benefit is you are not storing the actual password which can easily be discovered by anyone with a small amount of experience with access

Well yes, but, I am just learning step by step, and I have no idea on how to do that with access, I know in my network all passwords are hashed with SHA512 and using no less than 10 characters, (2 Minimum each) Upper, Lower, Number and Special Characters, those are my defaults in my network.
But to do this in access, I have 0 knowledge.
I've seen some ideas from Colin and have applied 1 or two easy ones, but eventually I will learn.

 

[Uncle Gizmo]

Now Share that Line of code

Well, it was over 20 years ago so I have no idea where it is!

But this might do it:-

Function CheckPassword(userInput As String, storedPassword As String) As Boolean
    ' Compare the entered password with the stored password
    CheckPassword = (StrComp(userInput, storedPassword, vbBinaryCompare) = 0)
End Function

 

[Isaac]

In my years of developing in Access spread across a lot of clients and employers from tiny to fortune 500, VERY rarely if ever have I served a user audience that was savvy enough where the available techniques weren't "enough" security, if that's who you're protecting it from (which it usually IS if you're in a corporate environment, where it's someone else's job to secure networks and servers in the first place - not yours, so all that's left is curious users). Too much is made of this issue.

If the business is happy with the level of security, and they have some knowledge that your Access db is not a NASA level app, then your product has the dignity of serving its purpose.