Skip to content
Home » Oracle Database » User and Role » How to Resolve ORA-28007: the password cannot be reused

How to Resolve ORA-28007: the password cannot be reused

ORA-28007

Some user tried to change its own password, but it failed with ORA-28007.

SQL> password
Changing password for HR
Old password:
New password:
Retype new password:
ERROR:
ORA-28007: the password cannot be reused


Password unchanged

ORA-28007 means that you cannot reuse the password you had ever used to set for the new password according to the password policy.

Basically, the restriction is either from PASSWORD_REUSE_TIME or PASSWORD_REUSE_MAX in profile. Whichever is violated, the error will be thrown.

Let's see current limits of reusing password in profile.

SQL> column resource_name format a30;
SQL> column limit format a30;
SQL> select resource_name, limit from dba_profiles where resource_name in ('PASSWORD_REUSE_TIME', 'PASSWORD_REUSE_MAX') and profile = (select profile from dba_users where username = 'HR');

RESOURCE_NAME                  LIMIT
------------------------------ ------------------------------
PASSWORD_REUSE_TIME            30
PASSWORD_REUSE_MAX             3

The above result shows that the current limits of reusing password applied on the user HR. Let's see their meanings:

  • PASSWORD_REUSE_TIME
  • The number of days passed before reusing the old password. In this case, it's 30 days.

  • PASSWORD_REUSE_MAX
  • The number of password changes before reusing the old password. In this case, it's 3 times.

Solution

Theoretically, we should follow the password policy and don't use the old password too quick and too often. Choosing a whole new password to change is a better way to solve ORA-28007.

However, if you really need to reuse the old password, you should remove the limitations first. Suppose the profile is DEFAULT.

SQL> alter profile default limit password_reuse_time unlimited password_reuse_max unlimited;

Profile altered.

We use UNLIMITED to remove the restrictions.

In contrast, we can set PASSWORD_REUSE_TIME to a meaningful value to force a new user to change password at its first time login.

4 thoughts on “How to Resolve ORA-28007: the password cannot be reused”

    1. I made the definition clearer as below.

      ORA-28007 means that you cannot reuse the password you had ever used before to set for the new password according to the password policy.

      Thanks for your reminding.

Leave a Reply

Your email address will not be published. Required fields are marked *