Password aging in MS Access 1

[Kincaco]

We have a new directive from above to implement password aging on several of our systems. One of them in written in MS Access 2.0. It is used by our entire company to enter their timesheets.

Does anyone know of anyway to implement password aging in MS Access - any version. We've put off upgrading but if we have to for this, we will.

Thanks in advance,
Connie [sig][/sig]

 

[Phooey]

I presume that you are using a logon form of some kind...

30 days is just an example.

How is the security of the database achieved? If via .mdw file then you could have all users change their password on the same date (e.g.1st of each month) by comparing the date when each user logs on to a universal date and if more than 30 days, prompt for password change. See Access help for changing user password in the .mdw file.

If using a custom security table, add a field which records when the user last changed their password and if the date is greater than 30 days old then prompt for change of password.

Old passwords could be added to a linked file (.txt or .dat etc..) in order to prevent use of the same passwords over and over again.

I hope this helps..
[sig]<p>Phooey<br><a href=mailto:Andrew.j.harrison@capgemini.co.uk>Andrew.j.harrison@capgemini.co.uk</a><br>Otherwise known as Windy Bottom.[/sig]

 

[Kincaco]

Currently we are using Access 2.0 and the default SYSTEM.MDA has been setup with multiple user ID's. However that is not written in stone. If it would work better to update to Access 97 or 2000, not a problem. We could also use a custom security file (and probably should for many reasons).

Where can I find out more about using a custom security table to record when the user last changed their password? To compare previous passwords? These ideas sound like the key to a solution but I'm not entirely sure how to proceed.

Thanks again,
Connie [sig][/sig]

 

[Phooey]

I have no knowledge of Access 2, but it can't be too different, although I think ithe inherent security of Access 2000 is far superior to Access 97.

We have tried this in one or two databases, and the results seem to be satisfactory, although we haven't tried password aging yet...

On opening the database, the user is prompted to enter logon details, which are then checked against a hidden table. Ideally this should contain username, password, some database permissions and a change date. If the current date is checked against the change date when the user details are found to be correct, then the user could be prompted to change his/her password. The new password is checked against a password list (either hidden table or external file) and rejected if it already exists or is believed to be too simple, i.e. '9999999'. Old passwords are then appended to the password list.

If the AllowBypassKey is disallowed, either by changing the startup options on implementation or using code, then the database would be fairly secure, apart from the contents of the database could be exported.

Further security could be added by using the Access security wizard to create a .mdw file and extracting the user details from the .mdw file into an Access table, adding a change date. The .mdw can be updated by using code (Ensure that the Access table is always updated from the .mdw except for change date). See Access Help for further information.

Hope this helps...

[sig]<p>Phooey<br><a href=mailto:Andrew.j.harrison@capgemini.co.uk>Andrew.j.harrison@capgemini.co.uk</a><br>Otherwise known as Windy Bottom.[/sig]