PASSWORD_REUSE_TIME and PASSWORD_REUSE_MAX

7 Comments

Standon DBA

Simple Explanation –

PASSWORD_REUSE_TIME and PASSWORD_REUSE_MAX

These two parameters must be set in conjunction with each other. PASSWORD_REUSE_TIME specifies the number of days before which a password cannot be reused. PASSWORD_REUSE_MAX specifies the number of password changes required before the current password can be reused. For these parameter to have any effect, you must specify an integer for both of them.

Source – Oracle Docs.[c[color=black][/color]olor=olive][/color]

Yong Huang

If you want to have the effect of setting a limit on the number of reused passwords but not on how long ago the old one was reused, you can set password_reuse_time to as close to 0 as possible. I find that the smallest is 1/172800, regardless Oracle version. That’s half a second. Obviously, if you or a program wants to cycle through 4 passwords in 0.5 seconds, the restriction imposed by password_reuse_time still takes effect.

If both PASSWORD_REUSE_TIME and PASSWORD_REUSE_MAX are set to UNLIMITED, then Oracle uses neither of these password resources.
* If PASSWORD_REUSE_MAX is set to an integer value, PASSWORD_REUSE_TIME must be set to UNLIMITED.

RAJESH PAWAR

Hi Johannes,

Thanks for your blog on PASSWORD_REUSE_TIME and PASSWORD_REUSE_MAX which is very informative but looks like they don’t check case of password character:
e.g. PASSWORD_REUSE_MAX 4 , PASSWORD_REUSE_TIME 360 and have password verification function to check upper and lower case in password.

SQL> ALTER USER power_user IDENTIFIED BY Hoppyhaliday$2;

User altered.

SQL> ALTER USER power_user IDENTIFIED BY hoppyhaliday$2;
ALTER USER power_user IDENTIFIED BY hoppyhaliday$2
*
ERROR at line 1:
ORA-28007: the password cannot be reused

In above password first char is in lower case which makes both password different so in this case, error should be “Password must contain at least one uppercase letter” instead of “the password cannot be reused”. It shows these parameters do not check upper or lower case in password.

Scroll to Top