To keep an Oracle database system secure and prevent unauthorized access, it’s important for Oracle users not only to use strong, long passwords that resist brute force and dictionary attacks, but also to change their passwords regularly. Users also have to change a password when it has expired or is about to expire, if the database system administrator enforces strict password control with the PASSWORD_LIFE_TIME option for user profiles, which limits the number of days a password can be used to authenticate and log in to the system.
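The PASSWORD_LIFE_TIME control described above, shown from the administrator's side as an added example (not part of the original article). The profile name APP_USERS, the 90/7/14 day values and the choice of DAVID as the account are assumptions for illustration.

```sql
-- Added example; profile name APP_USERS and all day counts are assumed values.
-- Run as a user with CREATE PROFILE, ALTER USER and SELECT on the DBA_ views.

-- 1. Profile that forces a password change every 90 days. Once the
--    lifetime ends, logins still work for 7 days of grace but warn
--    the user; after that the password must be changed.
CREATE PROFILE app_users LIMIT
  PASSWORD_LIFE_TIME  90
  PASSWORD_GRACE_TIME 7;

-- 2. Attach the profile to an account (DAVID, as in the sample session).
ALTER USER david PROFILE app_users;

-- 3. List accounts whose password has expired or expires within 14 days.
--    A profile limit of 'DEFAULT' means "inherit from the DEFAULT profile",
--    so it is resolved against that profile's own value.
--    EXPIRY_DATE is NULL when the effective limit is UNLIMITED.
SELECT u.username,
       u.account_status,
       u.profile,
       CASE WHEN p.limit = 'DEFAULT' THEN d.limit ELSE p.limit END
         AS password_life_time,
       u.expiry_date,
       TRUNC(u.expiry_date - SYSDATE) AS days_left
FROM   dba_users u
JOIN   dba_profiles p
       ON  p.profile       = u.profile
       AND p.resource_name = 'PASSWORD_LIFE_TIME'
JOIN   dba_profiles d
       ON  d.profile       = 'DEFAULT'
       AND d.resource_name = 'PASSWORD_LIFE_TIME'
WHERE  u.account_status LIKE 'EXPIRED%'
   OR  u.expiry_date < SYSDATE + 14
ORDER  BY u.expiry_date;
```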

To change an Oracle password, users can use SQL*Plus or an Oracle SQL and PL/SQL administration tool such as Toad for Oracle. No matter which SQL client you use, the commands and SQL statements used to change the password are similar.

There are two command syntaxes that can be used to change an Oracle database user’s password:

ALTER USER user_name IDENTIFIED BY new_password;

or (from Oracle8 and above):

PASSWORD

With the PASSWORD command, if you need to change another user’s password, use the following form:

PASSWORD user_name

With the PASSWORD command, after you press Enter, you are prompted to enter the old password and the new password interactively. For example:

SQL> password
Changing password for DAVID
Old password:
New password:
Retype new password:

Note: You need sufficient privileges to change another Oracle user’s password.

As the placeholder names imply, user_name is the user whose password is to be changed, and new_password is the new password to assign.

Because the ALTER USER statement sends the new password to the Oracle database server unencrypted when used without the Advanced Security Option, which exposes it to security risk, Oracle users should always use the PASSWORD command to change an Oracle user password.