Hmm..Maybe that's it - some apps/scripts had issues with passwords that contained symbols so Oracle removed the requirement. If that were the case, I would think Oracle would have done so before 11g, but...maybe not :) Either way, sounds like a good theory to me! Thanks Lyall. On Tue, Apr 27, 2010 at 1:02 PM, <lyallbarbour@xxxxxxxxxxxxxxx> wrote: > We had a problem with... the @ symbol, i think. One of the punctuations > for passwords when a user would fire off an Oracle Report. Maybe that is > one of the reasons... > Lyall > > -----Original Message----- > From: kathryn axelrod <kat.axe@xxxxxxxxx> > To: oracle-l@xxxxxxxxxxxxx > Sent: Tue, Apr 27, 2010 2:59 pm > Subject: 11g password complexity > > Hi all, > > The basic utlpwdmg.sql script was modified for 11g and as one would expect, > it contains more complexity checks than prior versions. However, there also > seems to be a surprising decrease in complexity requirements: > In prior versions, it required "at least one digit, one character and one > punctuation". The 11g version requires "at least one digit, one character". > > Does anyone know why they removed the 'punctuation' requirement? I of > course can code this in myself if desired but am nonetheless surprised that > it would have been removed in the first place. I would think as the versions > progress, the basic security requirements would become more stringent, not > less. > > Thanks, > -kathryn > >