What are the valid characters for Oracle passwords? This is a more complicated question than you would think. Here are the basic restrictions on Oracle passwords. I believe these apply to all (8i or later) Oracle database versions; however I did these examples in a 10gR2 instance.

First the rules:

Passwords can be from 1 to 30 characters.

The first character in an Oracle password must be a letter.

Only letters, numbers, and the symbols “#”, “_” and “$” are acceptable in a password.

Examples:

SQL> alter user jemmons identified by abc123;

User altered.

SQL> alter user jemmons identified by 123abc;
alter user jemmons identified by 123abc
*
ERROR at line 1:
ORA-00988: missing or invalid password(s)

SQL> alter user jemmons identified by abc!123;
alter user jemmons identified by abc!123
*
ERROR at line 1:
ORA-00922: missing or invalid option

In the first example we see a password that meets all the rules. The second password starts with a number and therefore fails. The third example contains the special character “!” and fails.

Now the exception:

By placing double quotes around a password you can use most standard ASCII characters in a password.

Examples:

SQL> alter user jemmons identified by "123abc";

User altered.

SQL> connect jemmons/123abc;
Connected.
SQL> alter user jemmons identified by "abc!123";

User altered.

SQL> connect jemmons/abc!123;
Connected.

We see that the quotes let us work around some of these restrictions. This is useful if you are working in a fairly simple environment, however if it is possible that a user’s password could be changed by means which you do not control it is likely doing this would cause more confusion than it would solve.

It is also worth note that capitalization is not considered when storing Oracle passwords. Here’s an example:

SQL> alter user jemmons identified by ABC123;

User altered.

SQL> connect jemmons/abc123;
Connected.

Before the password is encrypted into the database it is put in all caps. When you enter a password for authentication it is capitalized so it can be compared against the stored encrypted password.

oracle, dba, database, database administration, database security, database administrator