Error
Error Code:
ORA-28216
ORA-28216: Insufficient Digits
Description
The ORA-28216 error occurs in Oracle Database when a user attempts to set or change a password that does not meet the minimum digit requirement. The password policy enforces a certain number of digits for security purposes.
Error Message
password must contain number or more digits
Known Causes
3 known causesInsufficient Digits
The provided password does not include the minimum number of digits specified by the password policy. The database enforces this rule to enhance password strength.
Password Policy Misconfiguration
The password policy itself may be incorrectly configured, setting a minimum digit requirement that is unintended or too strict. Check the database's password profile settings.
Default Password Settings
When creating new users, the default password settings may not be strong enough and fail to meet the minimum digits requirement. A more complex password is required.
Solutions
3 solutions available1. Change Password to Meet Requirements easy
Update the user's password to include at least one digit.
1
Connect to the Oracle database as a user with DBA privileges (e.g., SYS, SYSTEM) or the user whose password needs to be changed.
2
Execute the ALTER USER command to change the password. Ensure the new password contains at least one digit (0-9).
ALTER USER username IDENTIFIED BY NewPasswordWithDigit1;
-- Replace 'username' with the actual username and 'NewPasswordWithDigit1' with your new password.3
If you are changing your own password, you can use the following syntax:
ALTER USER my_user IDENTIFIED BY myNewSecurePassword99;
-- Replace 'my_user' with your username.2. Modify Password Complexity Profile medium
Adjust the password profile to relax the digit requirement.
1
Connect to the Oracle database as a user with DBA privileges (e.g., SYS, SYSTEM).
2
Identify the password profile associated with the user encountering the error. You can find this by querying the DBA_USERS view.
SELECT username, profile FROM dba_users WHERE username = 'USERNAME_WITH_ERROR';
-- Replace 'USERNAME_WITH_ERROR' with the problematic username.3
Query the DBA_PROFILES view to see the current settings for that profile, specifically looking for 'PASSWORD_VERIFY_FUNCTION' and password-related limits.
DESCRIBE dba_profiles;
SELECT profile, resource_name, resource_type, limit FROM dba_profiles WHERE profile = 'PROFILE_NAME';
-- Replace 'PROFILE_NAME' with the profile found in the previous step.4
To disable the digit requirement, you can either:
1. Set the 'PASSWORD_VERIFY_FUNCTION' to NULL for the profile. This is a quick but less secure option.
2. Modify the password complexity check within the custom password verify function (if one is used). This is more complex and requires understanding PL/SQL.
1. Set the 'PASSWORD_VERIFY_FUNCTION' to NULL for the profile. This is a quick but less secure option.
2. Modify the password complexity check within the custom password verify function (if one is used). This is more complex and requires understanding PL/SQL.
ALTER PROFILE PROFILE_NAME LIMIT PASSWORD_VERIFY_FUNCTION NULL;
-- Replace 'PROFILE_NAME' with the relevant profile name.5
After modifying the profile, users can now change their passwords without the digit requirement. They may still need to meet other complexity rules defined in the profile.
3. Temporarily Disable Password Verification advanced
Globally disable password verification to allow password changes, then re-enable.
1
Connect to the Oracle database as a user with DBA privileges (e.g., SYS, SYSTEM).
2
Store the current password verify function setting for all profiles.
SELECT profile, resource_name, limit FROM dba_profiles WHERE resource_name = 'PASSWORD_VERIFY_FUNCTION';3
Temporarily set the PASSWORD_VERIFY_FUNCTION to NULL for all profiles. This is a drastic measure and should be done with extreme caution and during a maintenance window.
BEGIN
FOR p IN (SELECT profile FROM dba_profiles GROUP BY profile) LOOP
EXECUTE IMMEDIATE 'ALTER PROFILE ' || p.profile || ' LIMIT PASSWORD_VERIFY_FUNCTION NULL';
END LOOP;
END;
/4
Instruct the affected users to change their passwords immediately, ensuring they meet the desired complexity (including digits).
5
Once users have changed their passwords, restore the original password verify function settings. This requires careful scripting based on the output from step 2.
-- Example: Replace 'DEFAULT' and the original function name with your actual values.
ALTER PROFILE DEFAULT LIMIT PASSWORD_VERIFY_FUNCTION ora12c_verify_function;
-- Repeat for other profiles.