Recovering a VBA protect password

New Contributor


I wrote a database in 2009/2010 in 2007.  I migrated it to 2010, changed it to an accdb and password protected the VBA. In 2017, I left the company, handed over all of my passwords, and left my code in another's hands. 


In Sept 2021, they asked me to please come back, I did, and the password to the DB I am trying to recover was lost.


I have tried using HxD, which doesn't work with accdb. 


How can I recover the password? 








5 Replies

@txgeekgirl You may be out of luck. If you can prove that you created the accdb, or that it belongs to your employer, you might be able to get help recovering the VBA from a company like Everything Access, although that's not their primary focus. They specialize in recovering mde and accde files. They will require proof of ownership as a precondition, if they can tackle your particular problem.

I have not tried this tool, I came across it in a web search. It says it supports both mdb accdb format. Please proceed with caution and do all necessary due diligence.

MDB passwords are trivial to hack. However, that isn't the case for ACCDB passwords which, since A2010, use 128-bit encryption.


I have tried the cosenor password recovery tool for research purposes. The utlilty uses a brute force approach to test every possible combination of passwords in turn until it finds something that works. So if your password is reasonably long/strong this can take days/months or even years to complete ...unless you can provide clues to narrow down the search. 

As an experiment I tested it on one of my own databases whose 10 character password I already knew. I left the utility running on a spare workstation for almost 48 hours. It had only tested a small % of the possible values before I terminated the search.


For a guide as to the time needed to hack a password using brute force, see

We tried a BruteForce tool... it recovered 1 character in a day. The password was at least 10 characters with all the bells and whistles.
I don't understand how it could recover 1 character. The brute force approach requires each generated string to be tested in turn on the specified database. It either succeeds or fails without any clues being given about which characters were correct

Just for clarification, I thought the Cosenor tool was a well-designed utility and it did exactly what it claimed to do...but it could take billions of years to crack a strong password. For once, MS did create strong security, at least with ACCDB passwords (though not with other Access features)