By default Oracle's security is not extremely good. For example, Oracle
will allow users to choose single character passwords and passwords
that match their names and userids. Also, passwords don't ever expire.
This means that one can hack an account for years without ever
locking the user.
From Oracle8 one can manage passwords through profiles. Some of
the things that one can restrict:
. FAILED_LOGIN_ATTEMPTS - failed login attempts before the account is
locked
. PASSWORD_LIFE_TIME - limits the number of days the same password
can be used for authentication
. PASSWORD_REUSE_TIME - number of days before a password can be
reused