It is recommended to enforce checks and response actions for failed logins, password complexity, password expiration and password reuse.
Password complexity can be implemented through profiles.
The script for password management implementation utlpwdmg.sql can be used to create a new function to verify password complexity rules.
Verify Function is a quick and easy way to enforce quality of database passwords—for example, they should contain a certain number of characters, should not be identical to the username, and so on.
By executing this script utlpwdmg.sql, it will attach the function to the profile DEFAULT, which is the default profile for all users.
The following password complexity is set with the 'utlpwdmg.sql' script.
Password length less than 8
Password same as or similar to user
Password same as username reversed
Password same as or similar to server name
Password too simple
Password must contain at least one digit, one character
Password must contain at least one digit, and one character
Password should differ from the old password by at least 3 characters