This may help you get going.  It is called from a 'Change password' button on
a form with three fields: OldPassword, NewPassword and VerifyPassword.

The other essential feature is the table UserList which includes USERCODE,
USERNAME, DEPARTMENT, PASSWORDEXPIRES, PASSWORDCHANGED.  This is the table
that you need to check when the user enters the database.  If the Expiry date
has passed direct them to the change password form instead of the usual menu
so that they can only change their password or leave the database.

John
##################################
Don't Print - Save trees

Function ChangePassword()
  Dim CurrentForm As Form, Message As String, SQL As String, ThisUser As User
  Dim Security As Recordset
  Dim Charset(43) As Integer, ThisAsc As Integer, I As Integer
  Dim HasLetter As Boolean, HasNumber As Boolean
  On Error GoTo Error_Trap
  Set CurrentForm = Screen.ActiveForm
  Set ThisUser = DBEngine.Workspaces(0).Users(UCase$(CurrentUser))
  HasNumber = False
  HasLetter = False
  Message = ""
  For I = 1 To 26
    Charset(I) = 0
  Next I
  With CurrentForm
    If !NewPassword Like "*" & CurrentUser & "*" Then _
      Message = "Your User Name cannot be your Password"
    If CurrentUser Like "*" & CurrentForm!NewPassword & "*" Then _
      Message = "Your User Name cannot be your Password"
    If Nz(!VerifyPassword) = "" Or Nz(!NewPassword) = "" Then _
      Message = "New Password and Verification must both be entered"
    If !VerifyPassword <> !NewPassword Then _
      Message = "New Password and Verification must be the same"
    If !OldPassword = !NewPassword Then _
      Message = "New Password must be different from Old Password"
    If Len(Nz(!NewPassword)) < 5 Then _
      Message = "New Password must be at least five characters"
    For I = 1 To Len(Nz(!NewPassword))
      ThisAsc = Asc(UCase$(Mid$(!NewPassword, I, 1))) - 47
      If ThisAsc < 18 Then HasNumber = True
      If ThisAsc > 17 Then HasLetter = True
      Charset(ThisAsc) = Charset(ThisAsc) + 1
      If Charset(ThisAsc) > 2 Then Message = "Too many letter repeats"
    Next I
    If Not HasNumber Then _
      Message = Message & vbCrLf & "Password must be Alphanumberic"
    If Not HasLetter Then _
      Message = Message & vbCrLf & "Password must include letters"
    SQL = "SELECT count(*) AS RowCount FROM UserList WHERE UserCode = '" _
      & UCase$(CurrentUser) & "'" & " AND (UserName LIKE '*" & !NewPassword _
      & "*' OR '" & !NewPassword & "' LIKE '*' & UserName & '*')"
  End With
  Set Security = CurrentDb.OpenRecordset(SQL, DB_OPEN_SNAPSHOT)
  If Security!RowCount > 0 Then Message = "Your Name cannot be your Password"
  Security.Close

CheckChangePassword:
  If Message = "" Then
    ThisUser.NewPassword Nz(CurrentForm!OldPassword), CurrentForm!NewPassword
    SQL = "UPDATE UserList SET PasswordChanged = #" & FormatDate(SysTime) _
      & "#," & " PasswordExpires = #" & FormatDate(DateAdd("d", 90, SysTime))
& "#" _
      & " WHERE UserCode = '" & UCase$(CurrentUser) & "'"
    CurrentDb.Execute SQL, dbFailOnError
    msgbox "Password Changed Successfully", vbInformation
    FormClose
    DatabaseOpen "A"  ' This function opens the database normally.
  Else
    msgbox Message & CR() & "Password NOT changed", vbCritical, "Invalid Input"
  End If

Exit_Sub:
  Set Security = Nothing
  Set CurrentForm = Nothing
  Set ThisUser = Nothing
  Exit Function

Error_Trap:
  If Err = 3033 Then
    Message = "Old Password Incorrect"
  Else
    Message = "Change password Error - " & GetDAOErrors & Error$
  End If
  Resume CheckChangePassword
End Function

Hi Rob,
  I haven't looked at John's example because I'm not that far yet...could
you help me how you have the users enter their password in the first place
without being able to modify anything in access?  Thank you.  Paul.