Passwords are an important part of any database security system. There
are several options for increasing password security.
- Implement a Login Policy – control the frequency of password changes, to specify the number of login
attempts allowed before an account is locked, or to force password
expiration. See Login Policies.
- Implement a Minimum Password Length – by default, passwords can be any length. For greater security, you can
enforce a minimum length requirement on all new passwords to disallow short
(and therefore easily guessed) passwords. The recommended minimum length is
6. See MIN_PASSWORD_LENGTH.
- Implement Password Rules – implement advanced password rules that include requiring certain types of
characters in the password, disallowing password reuse, and expiring
passwords. Validation of the rules occurs when a new user ID is created or a
password is changed. See VERIFY_PASSWORD_FUNCTION.