Password Complexity in Oracle 11g

The default password verification function provided by Oracle is kept in the script $ORACLE_HOME/rdbms/admin/utlpwdmg.sql.
In a newly upgraded 11g database, this script is not loaded automatically, so we have to run it manually for it to take effect. Until then, the verify function of the previous version remains in effect.

The password verification function has been enriched with more complexity features in Oracle 11g. utlpwdmg.sql contains both the old version of the password verification function and a new version. The new version is called verify_function_11G; the old version is still called verify_function. If you run the utlpwdmg.sql script, both copies of the password verification routine will be loaded into your database. The script also includes the ALTER PROFILE commands that update the default profile with the correct default profile settings. Note that if utlpwdmg.sql is run after the upgrade, the default profile will be configured to use verify_function_11G and not verify_function.

The criteria checked by the new password verification function, verify_function_11G, are shown below. It has more features than the previous 10g version:

1. The password must be a minimum of eight characters in length.

2. The password cannot be the same as the username.

3. The password cannot be the same length as the username.

4. The password cannot be the username spelled backwards.

5. The password cannot be the same as the server name or the server name with digits from 1 to 100 appended.

6. Simple passwords like ‘welcome’, ‘database’, ‘account’, ‘user’, ‘password’, ‘oracle’, ‘computer’, ‘abcd’ will be rejected.

7. The password must include one digit and one alpha character.
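
The following SQL*Plus session is an added example, not part of the original article or of Oracle's script. It loads utlpwdmg.sql after an upgrade, checks which verification function each profile enforces, and confirms that criteria 1 and 2 above are applied. It assumes a SYSDBA connection; PWD_TEST_USER and its passwords are constructed test values.

```sql
-- Added example (SQL*Plus, connected AS SYSDBA). PWD_TEST_USER and the
-- passwords below are constructed values used only for this check.

-- 1. Load both verification functions and apply the ALTER PROFILE settings.
--    In SQL*Plus, "?" expands to $ORACLE_HOME.
@?/rdbms/admin/utlpwdmg.sql

-- 2. Confirm both functions exist in the SYS schema and compiled cleanly.
SELECT object_name, status
  FROM dba_objects
 WHERE owner = 'SYS'
   AND object_type = 'FUNCTION'
   AND object_name IN ('VERIFY_FUNCTION', 'VERIFY_FUNCTION_11G');

-- 3. Show which verification function each profile enforces.
--    LIMIT = DEFAULT means the profile inherits the DEFAULT profile's value;
--    LIMIT = NULL means no verification function is set for that profile.
SELECT profile, limit
  FROM dba_profiles
 WHERE resource_name = 'PASSWORD_VERIFY_FUNCTION'
 ORDER BY profile;

-- 4. List each account with the verification function its profile carries,
--    to spot accounts on profiles still using the old function or none.
SELECT u.username, u.profile, p.limit AS verify_function
  FROM dba_users u
  JOIN dba_profiles p ON p.profile = u.profile
 WHERE p.resource_name = 'PASSWORD_VERIFY_FUNCTION'
 ORDER BY u.profile, u.username;

-- 5. Negative tests against the DEFAULT profile. Both statements are
--    expected to fail with ORA-28003 (password verification failed).
CREATE USER pwd_test_user IDENTIFIED BY abc1;           -- shorter than eight characters
CREATE USER pwd_test_user IDENTIFIED BY pwd_test_user;  -- same as the username

-- 6. Cleanup, needed only if a CREATE USER above unexpectedly succeeded,
--    which would mean the DEFAULT profile is not enforcing the function.
DROP USER pwd_test_user;
```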

Article by: Divya