ORA-28007: the password cannot be reused
The Problem
You attempt to alter a user’s password to a previously used one and get the following error when attempting to reuse the old password:
SQL> alter user identified by
*
ERROR at line 1:
ORA-28007: the password cannot be reused
The password has been assigned to this user previously.
The Solution
The user is assigned a profile that defines the number of changes required before a password can be reused. The parameter in the profile is the limit PASSWORD_REUSE_MAX. Display its current value from the DBA_PROFILES dictionary view:
SQL> select resource_name, limit
2 from dba_profiles
3 where profile=
4 and resource_name='PASSWORD_REUSE_MAX';
RESOURCE_NAME LIMIT
-------------------------------- ----------------------------------------
PASSWORD_REUSE_MAX 3
If you do not want the user to change his password regularly, assign the user a profile with no password checking:
SQL> select profile, resource_name, limit
2 from dba_profiles
3 where resource_type='PASSWORD' order by 1,2;
PROFILE RESOURCE_NAME LIMIT
---------- -------------------------------- ------------------
DEFAULT FAILED_LOGIN_ATTEMPTS UNLIMITED
DEFAULT PASSWORD_GRACE_TIME UNLIMITED
DEFAULT PASSWORD_LIFE_TIME UNLIMITED
DEFAULT PASSWORD_LOCK_TIME UNLIMITED
DEFAULT PASSWORD_REUSE_MAX UNLIMITED
DEFAULT PASSWORD_REUSE_TIME UNLIMITED
DEFAULT PASSWORD_VERIFY_FUNCTION NULL
TEST FAILED_LOGIN_ATTEMPTS 3
TEST PASSWORD_GRACE_TIME 10
TEST PASSWORD_LIFE_TIME 60
TEST PASSWORD_LOCK_TIME .0006
TEST PASSWORD_REUSE_MAX 3
TEST PASSWORD_REUSE_TIME 1800
TEST PASSWORD_VERIFY_FUNCTION VERIFY_FUNCTION
SQL> alter user profile default;
User altered.
Conclusion
The problem manifests because the users’ profile has been explicitely defined to limit the reuse of passwords. To allow an user to change it’s password it is enough to set either PASSWORD_REUSE_TIME or PASSWORD_REUSE_MAX to UNLIMITED. It is needed to have both parameters set to UNLIMITED.