It's up to you to decide which characters you will or won't allow in a password. For wildcard comparisons, you need to use the keyword like, and a construct such as
... = "*?@?*.?*" Or "*[,;]*"
is not valid. To disallow *?@,; use
It might be a good idea not to allow spaces in a password.
Also, keep in mind when checking a password that Access by default performs case-insensitive string comparisons. To force Access to perform case-sensitive string comparisons, you can change the line
Option Compare Database
at the top of the code module to
Option Compare Binary
This will make ALL string comparisons in that module case-sensitive. Or you can use the StrComp function with the vbBinaryCompare option. See
StrComp Function if you want only a specific comparison to be case-sensitive.