Security → Authentication
Starting with this release, you can enforce a minimum password length on all PDBs by setting a mandatory profile in the CDB root. The mandatory profile is a generic profile and can only have the PASSWORD_VERIFY_FUNCTION parameter in the CREATE MANDATORY PROFILE statement to define the password limit.
Business Benefit: This profile adds a minimum password length to the local profiles with which the PDB user is associated. Because a common user sets the mandatory profile in the CDB, a PDB administrator cannot remove the password length requirement from local profiles and allow users to set insecure short passwords. To use this profile, you create a password verification function to define the password length, execute the CREATE MANDATORY PROFILE PL/SQL procedure to use the PASSWORD_VERIFY_FUNCTION function in a profile, and then set the MANDATORY_USER_PROFILE initialization parameter in the CDB root to apply it to all containers.