vb.net and database security
I've created an application in vb.net for my fiancee to use in her new job. Basically she has a million passwords to remember, and rather than storing them in an unsecure excel document I said I would write something for her.
The application is written in VB.net 2008, and uses an MS Access database for storing all the data in. The application also has the option of using a second-factor auth method (USB-pen drive in this case) to make it more secure.
Anyhow, I want to release the software as people might find it useful, but I want some ideas first about the security of the application:
1) The database is password protected using the standard method in Access. This password is extremely long and random, and is stored only in the application settings on the project so people without the source (so anyone but me) should not be able to see this. Anyhow, as always, passwords can be cracked so is there any better way to secure the database? The database will only exist on a local computer/network share so access to that drive will be required first so cracking is unlikely - but I would have thought there would be a better way at securing an Access database.
2) The second-form factor auth is done by the application creating a hidden text file on the removable device, and in this file is a hash of the username. If the username given when logging in doesn't match the file on the pen then it won't let them in. Similarly it won't let them in if no pen is plugged in, or if no file exists on the pen drive. Is there a better way to do this, or have I covered the bases?
Would love some advice on this as I would love to release this app, but feel it would be a waste of time if the steps I've taken are as protective as a chocolate condom.