There is a default password verify function under $ORACLE_HOME/rdbms/admin with filename utlpwdmg.sql. This script creates a password verify function named "verify_function" and alters the default profile with the below attributes:
ALTER PROFILE DEFAULT LIMIT
verify_function has the following attributes:
- Check if the password is same as the username
- Check for the minimum length of the password (default = 4)
- Check if the password is too simple. A dictionary of words may be maintained and a check may be made so as not to allow the words that are too simple for the password. ('welcome', 'database', 'account', 'user', 'password', 'oracle', 'computer', 'abcd' words are not accepted as password by default)
- Check if the password contains at least one letter, one digit and one punctuation mark.
- Check if the password differs from the previous password by at least 3 letters.
You can customize this script to have different password verify function attributes, profile attributes and to apply to another profile.