In this article, we explain why should you change your password 

If you want to save our data then you should change your passwords each and every day but it is not possible for everyone so changing your password within the week reduces your risk of exposure and avoids a number of dangers. According to cybersecurity law, mostly attacker attacks a weak or stolen password so please make a password strong like using numbers and charters minimum numbers of your password is like above a number of 10 digits. 

 If you have upgraded from an earlier release of the Database, you may have user accounts that have default passwords. These are default accounts that are created when you create a database, such as the HR, OE, and SCOTT accounts.

For greater security, change the passwords for these accounts. Using a default password that is commonly known can make your database vulnerable to attacks by intruders. 

Using a Password Management Policy

• About Managing Passwords
• Finding User Accounts That Have Default Passwords
• Configuring Password Settings in the Default Profile
• Automatically Locking a User Account After a Failed Login
• Controlling Password Aging and Expiration
• Password Change Life Cycle
• Controlling User Ability to Reuse Previous Passwords
• Enforcing Password Complexity Verification
• Enabling or Disabling Password Case Sensitivity

Automatically Locking a User Account After a Failed Login

Example 3–2 sets the maximum number of failed login attempts for the user johndoe to 10 (the default), and the amount of time the account locked to 30 days. The account will unlock automatically after 30 days. 

Controlling User Ability to Reuse Previous Passwords

If you do not specify a parameter, then the user can reuse passwords at any time, which is not a good security practice. 

If neither parameter is UNLIMITED, then password reuse is allowed, but only after meeting both conditions. The user must have changed the password the specified number of times, and the specified number of days must have passed since the previous password was last used.

For example, suppose that the profile of user A had PASSWORD_REUSE_MAX set to 10 and PASSWORD_REUSE_TIME set to 30. User A cannot reuse a password until he or she has reset the password 10 times, and until 30 days had passed since the password was last used.

If either parameter is specified as UNLIMITED, then the user can never reuse a password. 

If you set both parameters to UNLIMITED, then Oracle Database ignores both, and the user can reuse any password at any time