Reset Passwords to Enforce Case-Sensitivity
For upgraded databases, improve security by using case-sensitive passwords for default user accounts and user accounts.
For greater security, Oracle recommends that you enable case sensitivity in passwords. In Oracle Database 21c and later releases, the IGNORECASE parameter for the orapwd file is desupported. All newly created password files are case-sensitive. Case sensitivity increases the security of passwords by requiring that users enter both the correct password string and the correct case for each character in that string. For example, the password hPP5620qr fails if it is entered as hpp5620QR or hPp5620Qr.
Upgraded password files from earlier Oracle Database releases can retain original case-insensitive passwords. To ensure that password files are case-sensitive, Oracle recommends that you force case sensitivity by migrating password files from one format to another, using the following syntax:
orapwd input_file=input_password_file file=output_password_file
To secure your database, create passwords in a secure fashion. If you have default passwords in your database, then change these passwords. Every password should satisfy the Oracle recommended password requirements, including passwords for predefined user accounts.
For new databases created after the upgrade, there are no additional tasks or management requirements.
Existing Database Requirements and Guidelines for Password Changes
- Passwords must be at least eight characters, and passwords such as welcome and oracle are not allowed.
- For existing databases, to take advantage of password case-sensitivity, you must reset the passwords of existing users during the database upgrade procedure. Reset the password for each existing database user with an ALTER USER statement.
- Query the PASSWORD_VERSIONS column of DBA_USERS to find the USERNAME of accounts that only have the 10G password version, and do not have either the 11G or the 12C password version. Reset the password for any account that has only the 10G password version.
- Finding and Resetting User Passwords That Use the 10G Password Version
For better security, find and reset passwords for user accounts that use the 10G password version so that they use later, more secure password versions.
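The query-and-reset steps described above, as an added SQL example that is not taken from the Oracle documentation. The account name APP_USER and the password placeholder are hypothetical, and the substring match assumes PASSWORD_VERSIONS holds a space-separated list of tokens such as 10G, 11G and 12C.

```sql
-- Added example, not Oracle's own script.
-- Run as a user with SELECT access to DBA_USERS and the ALTER USER privilege.

-- 1. List accounts whose only password version is 10G.
--    Substring matching is used instead of equality so that trailing
--    padding or extra tokens in PASSWORD_VERSIONS do not hide an account
--    (assumption: the column is a space-separated list of version tokens).
SELECT username,
       account_status,
       password_versions
FROM   dba_users
WHERE  password_versions LIKE '%10G%'
AND    password_versions NOT LIKE '%11G%'
AND    password_versions NOT LIKE '%12C%'
ORDER  BY username;

-- 2. Reset the password of each account returned by step 1.
--    APP_USER is a hypothetical account name. <new_password> is a
--    placeholder: substitute a value of at least eight characters that is
--    not a default such as welcome or oracle. Do not run it literally.
ALTER USER app_user IDENTIFIED BY "<new_password>";

-- 3. Confirm that the account now carries a later password version.
SELECT username,
       password_versions
FROM   dba_users
WHERE  username = 'APP_USER';

-- 4. Re-run the check as a count; the goal is zero remaining accounts.
SELECT COUNT(*) AS only_10g_accounts
FROM   dba_users
WHERE  password_versions LIKE '%10G%'
AND    password_versions NOT LIKE '%11G%'
AND    password_versions NOT LIKE '%12C%';
```

If step 3 still shows only 10G after the reset, the new verifier was not generated and the reset did not achieve its purpose for that account.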