If you are thinking of enforcing a stronger password policy, there is an easy way using the password verfication functions provided by Oracle.

  • 10G – verify_function
  • 11G – verify_function_11g
  • 12C – ora12c_verify_function
  • 12C – ora12c_strong_verify_function

Since Oracle 10G the script ORACLE_HOME/rdbms/admin/utlpwdmg.sql has been delivered as a seperate script. This script previously created the password verify functions.

Now, in an Oracle 12.2 default installation, the Oracle database provides the ora12c_verify_function and ora12c_strong_verify_function in the SYS schema.

You can easily enforce the stronger password verification on the default profile. This will have an immediate affect when a user makes a password change.

alter profile default limit PASSWORD_VERIFY_FUNCTION ora12c_verify_function;

If you need to disable the function for the default profile.

alter profile default limit PASSWORD_VERIFY_FUNCTION null;

Let’s test it out.

rem tiethe function to the default profile
alter profile default limit PASSWORD_VERIFY_FUNCTION ora12c_verify_function;

Profile DEFAULT altered.

rem create a new user smiley with the new profile

create user smiley identified by "smiley";
Error report -
ORA-28003: password verification for the specified password failed
ORA-20001: Password length less than 8
28003. 00000 -  "password verification for the specified password failed"
*Cause:    The new password did not meet the necessary complexity
           specifications and the password_verify_function failed
*Action:   Enter a different password. Contact the DBA to know the rules for
           choosing the new password
           
rem remove the password restriction
alter profile default limit PASSWORD_VERIFY_FUNCTION null;
Profile DEFAULT altered.

rem create the user again
create user smiley identified by "smiley";
User SMILEY created.

Oracle documentation is always a good source of information. There you may find the difference between the password functions in detail. Managing the complexity of passwords.

Over&Out