Oracle FAQ Your Portal to the Oracle Knowledge Grid
HOME | ASK QUESTION | ADD INFO | SEARCH | E-MAIL US
 

Home -> Community -> Mailing Lists -> Oracle-L -> RE: password complexity -- implementing security changes

RE: password complexity -- implementing security changes

From: Reidy, Ron <Ron.Reidy_at_arraybiopharma.com>
Date: Thu, 2 Mar 2006 15:43:17 -0700
Message-ID: <7209E76DACFED9469D4F5169F9880C7A9CA1@mail01bldr.arraybp.com> 





You are correct.  Adding complexity will not lock an account.  Yes,
initial and reset passwords meet the complexity rules.



As for the application prompting them, I would assume the application
would need to notify them.  I produce a report that is mailed to the end
users when their database passwords are within 3 weeks of expire, and
then each week thereafter.  They can change their passwords when they
have the time.



--



Ron Reidy


Lead DBA


Array BioPharma, Inc.



-----Original Message-----



From: oracle-l-bounce_at_freelists.org


[mailto:oracle-l-bounce_at_freelists.org] On Behalf Of J. Dex
Sent: Thursday, March 02, 2006 1:49 PM


To: oracle-l_at_freelists.org


Subject: password complexity -- implementing security changes




I am wondering how other shops handle security changes relating to
password 


complexity.



We just implemented a lot of security features into our database
including 


password complexity.  The users login through an application.  Adding 
password complexity did not appear to lock out their accounts.  When
they 


try and login, though, with multiple attempts it finally does lock it.
Do 


most of you just give them a password initially that fits complexity and



tell them they have to change it?



I am still not even sure if the application is going to prompt them
after 90 


days to change the password or they will just start getting locked out.





Don't just search. Find. Check out the new MSN Search! 
http://search.msn.click-url.com/go/onm00200636ave/direct/01/



--



http://www.freelists.org/webpage/oracle-l





This electronic message transmission is a PRIVATE communication which contains
information which may be confidential or privileged. The information is intended 
to be for the use of the individual or entity named above. If you are not the 
intended recipient, please be aware that any disclosure, copying, distribution 
or use of the contents of this information is prohibited. Please notify the
sender  of the delivery error by replying to this message, or notify us by
telephone (877-633-2436, ext. 0), and then delete it from your system.



--



http://www.freelists.org/webpage/oracle-l
Received on Thu Mar 02 2006 - 16:43:17 CST












Original text of this message













  HOME |
  ASK QUESTION |
  ADD INFO |
  SEARCH |
  E-MAIL US