I would think you would want to require more than 7 characters especially with such a long duration which you might consider shortening. ________________________________ From: oracle-l-bounce@xxxxxxxxxxxxx [mailto:oracle-l-bounce@xxxxxxxxxxxxx] On Behalf Of Mahesh G Sent: Friday, March 18, 2011 4:31 AM To: oracle-l@xxxxxxxxxxxxx Subject: Enforcing password rules in oracle database Hi all, We have one requirement to enforce below mentioned password rules for all newly created user accounts in our environment. 1) All passwords must have at least 7 characters in length 2) All Logins will require the use of a password 3) Passwords must not match the username 4) Unsuccessful login attempts must be audited 5) Password duration <= 90 days 6) Failed logins limit = 6 Oracle built-in feature, setting Default profile and calling verify_function function ($ORACLE_HOME/rdbms/admin/utlpwdmg.sql ) doesnt serve my purpose. Because 2 rule will be violated for those users who use external password option. My env is combination of 9i, 10g & 11g version databases. Can you recommend / suggest any best way to implement the above rules ? It would be great help. Regards, - Mahesh