Hi all, We have one requirement to enforce below mentioned password rules for all newly created user accounts in our environment. 1) All passwords must have at least 7 characters in length 2) All Logins will require the use of a password 3) Passwords must not match the username 4) Unsuccessful login attempts must be audited 5) Password duration <= 90 days 6) Failed logins limit = 6 Oracle built-in feature, setting Default profile and calling verify_function function ($ORACLE_HOME/rdbms/admin/utlpwdmg.sql ) doesnt serve my purpose. Because 2 rule will be violated for those users who use external password option. My env is combination of 9i, 10g & 11g version databases. Can you recommend / suggest any best way to implement the above rules ? It would be great help. Regards, - Mahesh