Passwords are an important part of any database security system. There are several options available to increase password security.
Use a login policy to control the frequency of password changes, to specify the number of login attempts allowed before an account is locked, or to force password expiration. See Login Policies.
By default, passwords can be any length. For greater security, you can enforce a minimum length requirement on all new passwords to disallow short (and therefore easily guessed) passwords. The recommended minimum length is 6. See MIN_PASSWORD_LENGTH.
You can implement advanced password rules that include requiring certain types of characters in the password, disallowing password reuse, and expiring passwords. Validation of the rules occurs when a new user ID is created or a password is changed. See VERIFY_PASSWORD_FUNCTION.