Hi all, The basic utlpwdmg.sql script was modified for 11g and as one would expect, it contains more complexity checks than prior versions. However, there also seems to be a surprising decrease in complexity requirements: In prior versions, it required "at least one digit, one character and one punctuation". The 11g version requires "at least one digit, one character". Does anyone know why they removed the 'punctuation' requirement? I of course can code this in myself if desired but am nonetheless surprised that it would have been removed in the first place. I would think as the versions progress, the basic security requirements would become more stringent, not less. Thanks, -kathryn