Setting User Password Requirements in Oracle Applications

 
Password for Oracle application can be configured as per the organization requirements.
 
This post describes how to Configure password with optimal security in login password usage using below Below Profile settings in Oracle Application R12:

1.Setting Password Case Sensitivity Requirement
2.Setting Password Length Requirement
3.Setting Hard to Guess Requirement
4.Setting Login Attempt Limits
5.Setting Time Limit after Resetting Password
6.Enabling Forgot Your Password Functionality
7.Assigning Custom Rules

All the above Requirements are set with Configuring Profile options.
 
1.Setting Password Case Sensitivity Requirement
 
This Requirement can be Configured using the Profile Option "Signon Password Case".
 
     This profile determines whether the User Passwords can be treated as case sensitive / insensitive. Based on  the profile option – Values defined.
 
 Sensitive: All newly created or changed passwords are treated as case sensitive.
 Insensitive: Passwords are treated as case insensitive.

Note: Passwords for existing user accounts must be reset after you change this setting.
 


2.Setting Password Length Requirement
 
This Requirement can be Configured using the Profile Option "Signon Password Length".
  
This profile determines the minimum number of characters required in a user password. The default setting is 5. Oracle recommends a setting of 8 or more.
 3. Setting Hard to Guess Requirement
 
This Requirement can be Configured using the Profile Option "Signon Password Hard To Guess".
 
This profile enforces requirements that make it more difficult to guess what another user's password might be. 
 
These requirements come as a package; you must either accept or reject the whole. Oracle recommends a setting of Yes to accept the package.
   
 
4. Setting Login Attempts Limit
 
This Requirement can be Configured using the Profile Option "Signon Password Failure Limit".
 
This profile option determines the maximum number of logins a user can attempt before the user's account is disabled. 

To reinstate the account a system administrator must unlock the account and reset the password.

 For example, if the value set is 3, it will lock the account if the user enters incorrect password 3 times.
 
 
 
5.Setting Time Limit for Resetting Password
 
 
This Requirement can be Configured using the Profile Option "Signon Password No Reuse".
 
This profile will provide the number of days an user must wait before reusing an earlier used password.
 
 
 6.Enabling Forgot Password Functionality

This Requirement can be Configured using the Profile Option "Local Login Mask".
  
For the Login page to show one of more of these optional attributes,add the numeric values of all desired attributes and set the value of the profile option to that value.
  • Username Hint = 01
  • Password Hint = 02
  • Cancel Button = 04
  • Forgot Password URL = 08
  • Register URL = 16
  • Language Picker = 32
  • Corporate Policy Message = 64
For example to show the Password Hint and the Forgot Password URL only, set the Local Login Mask profile option to 10 (02+08). To show just the Language Picker, set the value to 32, which is also the default value for the profile option.



 7.Assigning Custom Rules for Password Sensitivity

Every organization has certain policies in the login credentials.Oracle Applications has a flexibility to implement custom password rules based on customer requirement
 
 This Requirement can be Configured using the Profile Option "Signon Password Custom"
 
For Setting the Value for this Profile, A Custom Java Class Should have been Created in Application.