The Oracle server provides a password complexity verification function named VERIFY_FUNCTION. This function is created with the /rdbms/admin/utlpwdmg.sql script. The password complexity verification function must be created in the SYS schema. It can be used as a template for you customized password verification.
The supplied password verification function enforces these password restrictions:
– The minimum length is four characers.
– The password cannot be the same as the username.
– The password must have at least one alphabetic, one numeric, and one special character.
– The password must differ from the prvious password by at least three letters.
In adittion to creating VERIFY_FUNCTION, the utlpwdmg script also changes the DEFAULT profile with the following ALTER PROFILE command:
ALTER PROFILE default LIMIT