Error
Error Code: ORA-28214

Oracle Error ORA-28214: Weak Password

📦 Oracle Database
📋

Description

The ORA-28214 error indicates that the password you're attempting to use for an Oracle Database user does not meet the minimum password complexity requirements, specifically the number of required uppercase characters. This typically occurs during user creation or password reset operations.
💬

Error Message

password must contain number or more uppercase characters
🔍

Known Causes

2 known causes
⚠️
Insufficient Uppercase Characters
The password provided does not contain the minimum number of uppercase letters as defined by the database's password policy.
⚠️
Password Complexity Profile
The active password profile enforces a requirement for uppercase characters that the password fails to meet.
🛠️

Solutions

3 solutions available

1. Change Password to Meet Requirements easy

Modify the user's password to include at least one number or uppercase character.

1
Connect to the Oracle database as the user experiencing the error or as a DBA with appropriate privileges.
2
Execute the ALTER USER command to change the password. Ensure the new password adheres to the policy (contains a number or an uppercase character).
ALTER USER username IDENTIFIED BY NewPassword123;
3
Verify the password change by attempting to log in with the new password.

2. Temporarily Disable Password Complexity medium

Disable the password complexity check for a specific user or globally, for a limited time.

1
Connect to the Oracle database as a DBA with `SYSDBA` or `SYSOPER` privileges.
2
To disable password complexity for a specific user, use the `ALTER PROFILE` command to modify the default profile or a custom profile assigned to the user. This example modifies the `DEFAULT` profile for demonstration. **Caution:** This affects all users using this profile.
ALTER PROFILE DEFAULT LIMIT PASSWORD_VERIFY_FUNCTION NULL;
3
Alternatively, to disable password complexity for a specific user by assigning them a profile with no complexity checks (you might need to create one if it doesn't exist):
ALTER USER username PROFILE UNLIMITED_PASSWORD_PROFILE;
4
After successfully changing the user's password (as in Solution 1), re-enable the password complexity check by restoring the original `PASSWORD_VERIFY_FUNCTION` setting.
ALTER PROFILE DEFAULT LIMIT PASSWORD_VERIFY_FUNCTION ORA_VERIFY_FUNCTION;

3. Update Password Verification Function advanced

Modify the password verification function to be less restrictive or to align with current password policies.

1
Connect to the Oracle database as a DBA with `SYSDBA` privileges.
2
Identify the current password verification function associated with the profile. This can be done by querying `DBA_PROFILES`.
SELECT profile, resource_name, limit FROM dba_profiles WHERE resource_name = 'PASSWORD_VERIFY_FUNCTION';
3
If the current function is `ORA_VERIFY_FUNCTION` or a similar Oracle-provided function, you might need to create a custom PL/SQL function that implements your desired password complexity rules. This is a complex task and requires careful planning and testing.
4
Once a custom verification function is created and thoroughly tested, you can assign it to the relevant profile using the `ALTER PROFILE` command.
ALTER PROFILE profile_name LIMIT PASSWORD_VERIFY_FUNCTION custom_password_verify_func;
5
Ensure that the user's password is then changed to comply with the new verification function's rules.