Introduction

Oracle passwords have a lot of subtle constraints. If you set a password that violates these constraints, you won't be able to login to your Oracle instance.

Oracle Password Constraints

An Oracle password has the following rules:

1. Passwords must be from 1 to 30 characters long.
2. Passwords cannot contain quotation marks.
3. Passwords are not case sensitive. (However, Oracle DB Server 11g now allows for case sensitive passwords)
4. A Password must begin with an alphabetic character.
5. Passwords can contain only alphanumeric characters and the underscore (_), dollar sign ($), and pound sign (#). Oracle strongly discourages you from using $ and #.
6. A Password cannot be an Oracle reserved word (eg: SELECT).

Notes

1. In February 2012, a CSE student put a forward slash (/) in his password. The forward slash prevented Oracle from parsing the password correctly, earning the student this error message:

   
   SP2-0306: Invalid option.
   >>> Usage: CONN[ECT] [logon] [AS {SYSDBA|SYSOPER|SYSASM}]
   >>> where    ::=[/][@]
   >>> [edition=value] | /
   
   

References

1. http://wings.buffalo.edu/computing/documentation/unix/oracle.html