I wrote about the new defaults in 10gR2 more than 5 years ago
FAILED_LOGIN_ATTEMPTS default to 10 in 10gR2
This new DEFAULT increases the security by preventing the users from trying millions of different passwords. However the locking of application users is noticeably decreasing the database availability 🙁
My recommendation :
– create a separate profile for the application users with high availabilty requirement with a default of 1000
– add 2 characters to the password of those accounts
SQL> create user u identified by a4sec2pw; User created. SQL> grant create session to u; Grant succeeded.
“U” is a critical user in your application where account locking would mean downtime !
Let’s try to make the schema 10 times more secure and 100 times more available :
SQL> create profile failed1000 limit failed_login_attempts 1000; Profile created. SQL> alter user u identified by a4sec2pwx1 profile failed1000; User altered.