About Password Policies
When you create a user account, a default password policy is assigned to that user
account. The default password policy for a newly installed database includes the following:
■ The password for the user account expires automatically in 180 days.
■ The user account is locked 7 days after password expiration.
■ The user account is locked for 1 day after 10 failed login attempts.
The default password policy is assigned to user accounts through a database object
called a profile. Each user account is assigned a profile, and the profile has several
attributes that describe a password policy. The database comes with a default profile
(named DEFAULT), and unless you specify otherwise when you create a user account,
the default profile is assigned to the user account.
For better database security, you may want to impose a stricter password policy.
For example, you may want passwords to expire every 70 days, and you may want to
lock user accounts after three failed login attempts. (A failed login attempt for a user
account occurs when a user enters an incorrect password for the account.) You may
also want to require that passwords be complex enough to provide reasonable
protection against intruders who try to break into the system by guessing passwords.
For example, you might specify that passwords must contain at least one number and
one punctuation mark.
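
The stricter policy described above, written as an Oracle profile with a password verify function. This is an added example, not part of the original documentation; the names strict_pw, strict_pw_verify and app_user are hypothetical.

```sql
-- Added example. strict_pw, strict_pw_verify and app_user are hypothetical names.
-- Run as SYS: a password verify function must be owned by SYS.
CREATE OR REPLACE FUNCTION strict_pw_verify (
  username     VARCHAR2,
  password     VARCHAR2,
  old_password VARCHAR2
) RETURN BOOLEAN IS
BEGIN
  -- Require at least one number.
  IF password IS NULL OR NOT REGEXP_LIKE(password, '[[:digit:]]') THEN
    raise_application_error(-20001, 'Password must contain at least one number');
  END IF;
  -- Require at least one punctuation mark.
  IF NOT REGEXP_LIKE(password, '[[:punct:]]') THEN
    raise_application_error(-20002, 'Password must contain at least one punctuation mark');
  END IF;
  RETURN TRUE;
END;
/

-- Passwords expire every 70 days; the account locks after three failed logins.
-- Limits not listed here are taken from the DEFAULT profile.
CREATE PROFILE strict_pw LIMIT
  PASSWORD_LIFE_TIME       70
  FAILED_LOGIN_ATTEMPTS    3
  PASSWORD_VERIFY_FUNCTION strict_pw_verify;

-- Assign the profile to an existing account.
ALTER USER app_user PROFILE strict_pw;

-- Check: confirm the password limits now in effect for the new profile.
SELECT resource_name, limit
  FROM dba_profiles
 WHERE profile = 'STRICT_PW'
   AND resource_type = 'PASSWORD'
 ORDER BY resource_name;

-- Check: list accounts still governed by the DEFAULT profile.
SELECT username, account_status, expiry_date
  FROM dba_users
 WHERE profile = 'DEFAULT'
 ORDER BY username;
```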
