🧩 How to Fix ORA-28001: The Password Has Expired

🧩 Introduction

One of the most common Oracle login errors is ORA-28001: The password has expired. This happens when a user tries to log in after their password has reached the maximum lifetime defined in the database profile. The error prevents access until the password is reset. In production environments, this can cause application downtime if not addressed quickly.

Step 1: Confirm the Error

When trying to connect with SQL*Plus or through an application, you might see:

ORA-28001: the password has expired

This confirms the issue is related to password expiration.

Step 2: Log in as DBA

You need to log in with a privileged account (like sysdba) to reset the user’s password:

sqlplus / as sysdba

Step 3: Reset the Expired Password

Use the following command to reset the user’s password:

ALTER USER username IDENTIFIED BY new_password;

Example:

ALTER USER apps IDENTIFIED BY Welcome123;

The user will now be able to log in with the new password.

Step 4: Check and Adjust Profile Settings

Identify which profile the user belongs to:

SELECT username, profile FROM dba_users WHERE username='APPS';

Check the password lifetime limit for that profile:

SELECT profile, resource_name, limit 

FROM dba_profiles 

WHERE profile='DEFAULT' AND resource_name='PASSWORD_LIFE_TIME';

By default, Oracle often sets PASSWORD_LIFE_TIME = 180 days.

Step 5: Prevent Future Expiration Issues

If you want to avoid future password expiration for application or system accounts, modify the profile:

ALTER PROFILE DEFAULT LIMIT PASSWORD_LIFE_TIME UNLIMITED;

This ensures that user passwords will not expire again (useful for application accounts).

Step 6: Re-test Login

Try connecting with the user’s new password:

sqlplus apps/Welcome123@ORCL

If the connection succeeds, the issue is resolved.

Conclusion

The ORA-28001 error indicates an expired password. Resetting the password and adjusting profile settings resolves the issue immediately. For critical accounts like Oracle E-Business Suite (EBS) users, it’s recommended to disable password expiration to prevent unexpected downtime.