One Problem I can see
The Update query...
cmd = New OleDbCommand("UPDATE login SET passwd = '" + TextBox3.Text + "' WHERE username ='" + TextBox1.Text + "'", cn)
cmd.Parameters.AddWithValue("@newPasss", this.TextBox3.Text)
cmd.Parameters.AddWithValue("@username", this.TextBox1.Text)
cmd.Parameters.AddWithValue("@password", this.TextBox2.Text)
should be like below...
cmd = New OleDbCommand("UPDATE login SET passwd = @newPasss WHERE username = @username AND passwd = @password", cn)
cmd.Parameters.AddWithValue("@newPasss", newPass)
cmd.Parameters.AddWithValue("@username", username)
cmd.Parameters.AddWithValue("@password", password)
This will help you to restrict
SQL Injection Attack.
But you should not directly store the Password, instead change your logic to implement some Encryption so that Password will be protected. Inserting plain text Password is not recommended.