3.3.2.8 Creating Strong Password Policies

Instance administrators can create strong password policies for an Oracle Application Express instance.

3.3.2.8.1 About Strong Password Policies

Manage password policy for Application Express users (workspace administrators, developers, and end users) in all workspaces.

Password policies can:

  • Apply to all users (including workspace administrators, developers, and end users) in an Oracle Application Express instance.

  • Include restrictions on characters, password length, specific words, and differences in consecutive passwords.

  • Apply to users signing in to Oracle Application Express Administration Services.

The Application Express instance administrator can select the password policy for service administrators. Options include:

  • Use policy specified in Workspace Password Policy - Applies the password rules specified in the Workspace Password Policy.

  • Use default strong password policy - Adds another layer of security to prevent hackers from determining an administrator's password. This password policy requires that service administrator passwords meet these restrictions:

    • Consist of at least six characters.

    • Contain at least one lowercase alphabetic character, one uppercase alphabetic character, one numeric digit, and one punctuation character.

    • Cannot include the username.

    • Cannot include the word Internal.

    • Cannot contain any words shown in the Must Not Contain Workspace Name field in this section.

    Password policies add another layer of security to prevent hackers from determining an administrator's password.

3.3.2.8.2 Configuring Password Policies

Manage password policy for Application Express users (workspace administrators, developers, and end users) in all workspaces.

To configure password policies:

  1. Sign in to Oracle Application Express Administration Services.
  2. Click Manage Instance.
  3. Under Instance Settings, click Security.
  4. Under Password Policy, specify the following attributes:

    Table 3-2 Workspace Password Policy Attributes

    Attribute Description

    Password Hash Function

    Select a hash function that Application Express uses to generate one-way hash strings for workspace user passwords. To learn more, see field-level Help.

    Minimum Password Length

    Enter a number to set a minimum character length for passwords for workspace administrator, developer, and end user accounts.

    Minimum Password Differences

    Enter the number of differences required between old and new passwords. The passwords are compared character by character, and each difference that occurs in any position counts toward the required minimum difference.

    This setting applies to accounts for workspace administrators, developers, and end users.

    Must Contain At Least One Alphabetic Character

    Select Yes to require that workspace administrator, developer, and end user account passwords contain at least one alphabetic character as specified in the Alphabetic Characters field.

    Must Contain At Least One Numeric Character

    Select Yes to require that workspace administrator, developer, and end user account passwords contain at least one Arabic numeric character (for example, 0,1,2,3,4,5,6,7,8,9).

    Must Contain At Least One Punctuation Character

    Select Yes to require that workspace administrator, developer, and end user account passwords contain at least one punctuation character as specified in the Punctuation Characters field.

    Must Contain At Least One Upper Case Character

    Select Yes to require that workspace administrator, developer, and end user account passwords contain at least one uppercase alphabetic character.

    Must Contain At Least One Lower Case Character

    Select Yes to require that workspace administrator, developer, and end user account passwords contain at least one lowercase alphabetic character.

    Must Not Contain Username

    Select Yes to prevent workspace administrator, developer, and end user account passwords from containing the username.

    Must Not Contain Workspace Name

    Select Yes to prevent workspace administrator, developer, and end user account passwords from containing the workspace name, regardless of case.

    Must Not Contain

    Enter words, separated by colons, that workspace administrator, developer, and end user account passwords must not contain. These words may not appear in the password in any combination of uppercase or lowercase.

    This feature improves security by preventing the creation of simple, easy-to-guess passwords based on words like hello, guest, welcome, and so on.

    Alphabetic Characters

    Enter new or edit the existing alphabetic characters. This is the set of characters used in password validations involving alphabetic characters.

    Punctuation Characters

    Enter new or edit existing punctuation characters. This set of characters must be used in password validations involving punctuation characters.

  5. For Service Administrator Password Policy, select an option:
    • Use policy specified in Workspace Password Policy - Applies the password rules specified above in Workspace Password Policy to service administrator passwords.
    • Use default strong password policy - Requires that service administrator passwords meet these restrictions:
      • Consist of at least six characters

      • Contain at least one lowercase alphabetic character, one uppercase alphabetic character, one numeric digit, and one punctuation character

      • Cannot include the username

      • Cannot include the word Internal

      • Cannot contain any words shown in the Must Not Contain field specified above in Workspace Password P

  6. Click Apply Changes.
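
The rules above can be checked offline before a password is submitted, for example in a provisioning script. The following is an added example, not Oracle code: it models the default strong password policy and the position-by-position comparison described for Minimum Password Differences. The function names, the use of Python's string.punctuation as the punctuation set, case-insensitive matching of the username and the word Internal, and the handling of passwords of unequal length are assumptions.

```python
import string

# Assumption: stand-in for the instance's Punctuation Characters field.
PUNCTUATION = set(string.punctuation)

def strong_policy_violations(username, password, must_not_contain=""):
    """Return the default strong policy rules that `password` breaks.

    `must_not_contain` uses the colon-separated format of the Must Not Contain field.
    Assumption: username and "Internal" are matched regardless of case.
    """
    lowered = password.lower()
    violations = []
    if len(password) < 6:
        violations.append("min_length")
    if not any(c.islower() for c in password):
        violations.append("one_lowercase")
    if not any(c.isupper() for c in password):
        violations.append("one_uppercase")
    if not any(c in string.digits for c in password):
        violations.append("one_numeric")
    if not any(c in PUNCTUATION for c in password):
        violations.append("one_punctuation")
    if username and username.lower() in lowered:
        violations.append("contains_username")
    if "internal" in lowered:
        violations.append("contains_internal")
    banned = [w.strip().lower() for w in must_not_contain.split(":") if w.strip()]
    if any(w in lowered for w in banned):
        violations.append("contains_banned_word")
    return violations

def positional_differences(old, new):
    """Count positions where old and new differ (Minimum Password Differences).

    Assumption: a position present in only one password counts as a difference.
    """
    shared = sum(1 for a, b in zip(old, new) if a != b)
    return shared + abs(len(old) - len(new))

if __name__ == "__main__":
    # Constructed sample values, not taken from any real account.
    print(strong_policy_violations("ADMIN", "Welcome1!", "hello:guest:welcome"))
    print(strong_policy_violations("ADMIN", "Tr4ce-Lamp"))
    print(positional_differences("Spring2023!", "Spring2024!"))
    print(positional_differences("Spring2023!", "xSpring2023!"))
```

In this model, prepending one character to an old password scores as 12 differences because every position shifts, so a positional difference count alone does not show that a new password is unrelated to the old one.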