Changing System Passwords in Oracle 12c

To change the passwords for the 1) SYS and 2) SYSTEM users in Oracle 12c, you need appropriate privileges. Follow the steps below:
Prerequisites:

1. SYSDBA Privileges: You must connect as a user with SYSDBA privileges.
2. Environment Setup: Ensure ORACLE_HOME and ORACLE_SID environment variables are set properly.

Steps to Change Passwords

1. Login to SQL*Plus as SYSDBA Open a terminal or command prompt, and connect to the database using SQL*Plus:

         sqlplus / as sysdba
       

   Alternatively, if connecting remotely, use:

         sqlplus sys@<SERVICE_NAME> as sysdba
       

   You'll be prompted for the SYS password if not using operating system authentication.
2. Change the SYS Password Run the following SQL command:

         ALTER USER SYS IDENTIFIED BY <new_password>;
       

   Example:

         ALTER USER SYS IDENTIFIED BY MySecureSysPass123!;
       

3. Change the SYSTEM Password Similarly, run the command for the SYSTEM user:

         ALTER USER SYSTEM IDENTIFIED BY <new_password>;
       

   Example:

         ALTER USER SYSTEM IDENTIFIED BY MySecureSystemPass123!;
       

4. Verify the Changes Disconnect and reconnect using the new credentials:

         sqlplus sys@<SERVICE_NAME> as sysdba
       

         sqlplus system@<SERVICE_NAME>
       

Additional Considerations

1. Password Complexity: Oracle 12c enforces strong password policies if enabled. Passwords must meet these requirements:
   • Minimum length (default: 8 characters).
   • Must include uppercase, lowercase, numeric, and special characters.
   • Should not be a dictionary word.
   If the new password does not meet these criteria, you may encounter an error.
2. PDBs in Multitenant Architecture:
   • If working with a Pluggable Database (PDB), connect to the PDB first:

               ALTER SESSION SET CONTAINER = <PDB_NAME>;
             

   • Then change the passwords using the same commands.
3. Updating Password Files (if necessary):
   • If you are using password files for authentication (REMOTE_LOGIN_PASSWORDFILE is set to EXCLUSIVE or SHARED), the password file will automatically be updated when you change the password via the ALTER USER command.

By following these steps, you can successfully change the passwords for the SYS and SYSTEM users in Oracle 12c.

In practice, I often don't change the default passwords until I've gone through all the other database creation tasks that you will read about in this module. On an experimental database, I sometimes don't change them at all. That's certainly not a best practice. If you choose not to change your passwords from their defaults, at least be cognizant of the security risk. Anyone who knows anything about Oracle8 will be able to do anything they want to your database. When you change these passwords is probably not as important as making sure that you do change them., However, changing them sooner rather than later reduces your exposure to risk.
After you have successfully executed the CREATE DATABASE command, you will have a database with two users: SYS and SYSTEM. Their passwords are CHANGE_ON_INSTALL and MANAGER, respectively. Everyone who works with Oracle8 knows about these default passwords, so you should immediately change them to something that only you know. The ALTER USER command is used to change passwords, and it can be executed from Server Manager after the CREATE DATABASE command has finished. The following example shows the SYS and SYSTEM passwords being changed to lampdesk and dogtoad, respectively.

SQL> CONNECT INTERNAL
Connected.
SQL> ALTER USER sys IDENTIFIED BY lampdesk;
Statement processed.
SQL> ALTER USER system IDENTIFIED BY dogtoad;
Statement processed.
SQL>

Pick two passwords not the ones that I used here and take a moment now to issue the appropriate ALTER USER to change the SYS and SYSTEM passwords for your new COIN database.