Passwords and Locked Accounts

Lists the criteria for passwords and includes locked account details.

Password Requirements

Passwords must contain 12 to 128 characters and must have at least:
  • One lowercase character

  • One uppercase character

  • One numeric character

  • One symbolic character

    Passwords can include the following symbols: ! " # $ % & ' ( ) * + , - . / : ; < = > ? @ [ \ ] ^ _ ` | ~

Passwords must not include:
  • Whitespace characters

  • First name

  • Last name

  • User name

  • Restricted words

Note:

  • If you reset your password and enter a new one, then you cannot use any of your last six passwords.

  • All criteria are validated while you type, with the exception of not containing restricted words and not using your last six passwords. These two criteria are validated server-side and must be updated and saved again if that fails.

  • The new password is validated against a list of common passwords or known passwords. The list contains words such as administrator, 1234, password, soccer, football, qwerty, and also variations with replacement characters like @, !, 0, $.

  • If you request a password reset from the Can’t sign in? page more than 10 times and then you don’t actually reset the password, the ability to recover your password is locked for 30 minutes. A System Administrator can still reset the password for you.

  • Depending on the configuration of your enterprise, passwords expire after either 60 or 90 days.

Locked Account

If you enter the incorrect password six times, then your account will be locked. You can either wait 30 minutes and try again or click Can't sign in? from the Oracle Simphony sign in screen to reset your password.