Changing System Passwords in Oracle 19c

Changing the passwords for the `SYS` and `SYSTEM` users in Oracle 19c involves the following steps:
Prerequisites:

• Ensure you have administrative access to the database (e.g., as SYSDBA).
• If the database is running, ensure you can connect to it.

Steps to Change Passwords:

1. Connect to the Database as SYSDBA:

   Open a terminal or command prompt and log in using SQL*Plus:

         sqlplus / as sysdba
       

   Alternatively, if connecting remotely:

         sqlplus sys@<TNS_ALIAS> as sysdba
       

   You will need to provide the password.

2. Change the SYS Password:

   Execute the following SQL command:

         ALTER USER SYS IDENTIFIED BY new_password;
       

   Replace new_password with the desired password for the SYS user.

3. Change the SYSTEM Password:

   Execute the following SQL command:

         ALTER USER SYSTEM IDENTIFIED BY new_password;
       

   Replace new_password with the desired password for the SYSTEM user.

4. Verify the Changes:

   Test the new passwords by connecting to the database:

         sqlplus sys/new_password@<TNS_ALIAS> as sysdba
       

         sqlplus system/new_password@<TNS_ALIAS>
       

Notes:

• Ensure the new passwords meet your organization's security policies (e.g., length, complexity).
• In case you have PASSWORD_LIFE_TIME restrictions in the profile, ensure it is appropriately configured.

        ALTER PROFILE DEFAULT LIMIT PASSWORD_LIFE_TIME UNLIMITED;
      

• If you're using Oracle Wallet or other authentication methods, update any relevant configuration files if needed.

Example Session:

sqlplus / as sysdba
SQL> ALTER USER SYS IDENTIFIED BY NewSysPassword123;
SQL> ALTER USER SYSTEM IDENTIFIED BY NewSystemPassword123;
SQL> exit

By following these steps, the passwords for the `SYS` and `SYSTEM` users in Oracle 19c can be updated securely.

In practice, I often don't change the default passwords until I've gone through all the other database creation tasks that you will read about in this module. On an experimental database, I sometimes don't change them at all. That's certainly not a best practice. If you choose not to change your passwords from their defaults, at least be cognizant of the security risk. Anyone who knows anything about Oracle will be able to do anything they want to your database. When you change these passwords is probably not as important as making sure that you do change them., However, changing them sooner rather than later reduces your exposure to risk.
After you have successfully executed the CREATE DATABASE command, you will have a database with two users: SYS and SYSTEM. Their passwords are CHANGE_ON_INSTALL and MANAGER, respectively. Everyone who works with Oracle knows about these default passwords, so you should immediately change them to something that only you know. The ALTER USER command is used to change passwords, and it can be executed from SQL*Plus after the CREATE DATABASE command has finished.
The following example shows the SYS and SYSTEM passwords being changed to lampdesk and dogtoad, respectively.

SQL> CONNECT INTERNAL
Connected.
SQL> ALTER USER sys IDENTIFIED BY lampdesk;
Statement processed.
SQL> ALTER USER system IDENTIFIED BY dogtoad;
Statement processed.
SQL>

Pick two passwords not the ones that I used here and take a moment now to issue the appropriate ALTER USER to change the SYS and SYSTEM passwords for your new COIN database.