How To Set Password Policy in Oracle

The password of Oracle database users is usually set to the same as the user name. Or passwords are set very simply. That means serious security weakness.

To prevent users from setting simple passwords , we need to change the PASSWORD_VERIFY_FUNCTION parameter in the profile to be a procedure specified by US or verify_function_11G function provided by Oracle.

When verify_function_11G is installed, the following parameters will be automatically set for the profile named DEFAULT:

In this way, the user password will be forced to be changed every 180 days.

After 180 days of the last password change, the user will be warned to change the password for 7 days. If the User has not changed his/her password for 7 days, the user status will be expired and the user could not be login.

If we have created a profile, we need to change the PASSWORD_VERIFY_FUNCTION parameter as follows.

Install the verify_function_11G function:

We can install the verify_function_11G function by running utlpwdmg.sql in the $ORACLE_HOME/rdbms/admin directory.

After the function is installed, if changes in the DEFAULT profile will cause problems, it is useful to make some corrections in DEFAULT Profile.

Because there was no such thing as invalid passwords before installation. After the function is installed, the passwords will expire 180 days after the user’s last password change. This 180 days is not 180 days after the function is created. This is the time after the most recent password change. So in this case, the user password can be expire in a few days.

For detailed information about Oracle Profiles, I suggest you read the below articles.

“How To Create Oracle Profiles“,

“How To Change User Profile On Oracle”

and you should read the below article about user password expire.

“Oracle Password Expired Error”,

“How to Unlock an Expired Oracle User Whose Password is Unknown”