How to Fix “ORA-28011: the account will expire soon; change your password now”

If you’ve logged into your Oracle database and seen this message:

ORA-28011: the account will expire soon; change your password now

don’t panic. It’s not an error that stops you from working—it’s more of a warning. But it does mean that Oracle is nudging you to take action soon.

Let’s walk through why it happens, how to check your user’s password policies, and how to make it go away permanently.

📌 What Does ORA-28011 Mean?

When you see:

SQL> conn SCOTT/TIGER@orcl
ORA-28011: the account will expire soon; change your password now
Connected.

You’re still logged in successfully. The warning simply means your password is currently in the grace period—a window after expiration where logins are still allowed, but Oracle wants you to change your password.

This happens when Oracle’s password expiration policy is in effect, even if you recently updated your profile to remove expiration.

Step 1: Check the Password Policy

Oracle uses profiles to manage password policies. Let’s find out what policy applies to your user:

SELECT profile FROM dba_users WHERE username = 'SCOTT';

Assume the result is DEFAULT. Now, inspect that profile’s password rules:

COLUMN resource_name FORMAT A30
COLUMN limit FORMAT A30

SELECT resource_name, limit 
FROM dba_profiles 
WHERE profile = 'DEFAULT' 
  AND resource_name LIKE 'PASSWORD%' 
ORDER BY resource_name;

A typical output might look like this:

RESOURCE_NAME                 LIMIT
---------------------------- ------------------------------
PASSWORD_GRACE_TIME          7
PASSWORD_LIFE_TIME           180
PASSWORD_LOCK_TIME           1
PASSWORD_REUSE_MAX           UNLIMITED
PASSWORD_REUSE_TIME          UNLIMITED
PASSWORD_VERIFY_FUNCTION     NULL

This tells us that passwords expire every 180 days, and after expiration, users have 7 days (grace period) to change them.

Step 2: Why the Warning Won’t Go Away Automatically

Even if you later alter the profile to remove expiration like this:

ALTER PROFILE DEFAULT LIMIT PASSWORD_LIFE_TIME UNLIMITED;
ALTER PROFILE DEFAULT LIMIT PASSWORD_GRACE_TIME UNLIMITED;

…you may still see ORA-28011 until the user resets their password manually.

That’s because Oracle tracks password status per user. If a password was already expired or in grace before you changed the profile, the warning persists until you refresh the password.

✅ Step 3: Reset the Password (Even If It’s the Same)

To clear the warning, simply reset the password. You can reuse the existing password:

ALTER USER SCOTT IDENTIFIED BY TIGER;

That’s it. The next time you connect:

SQL> conn SCOTT/TIGER@orcl
Connected.

No more warning.

Bonus: Make Sure Future Users Don’t See This

To apply no-expiry rules permanently to all future users, ensure your default profile is set like this:

ALTER PROFILE DEFAULT LIMIT 
  PASSWORD_LIFE_TIME UNLIMITED 
  PASSWORD_GRACE_TIME UNLIMITED 
  PASSWORD_LOCK_TIME UNLIMITED 
  PASSWORD_REUSE_TIME UNLIMITED 
  PASSWORD_REUSE_MAX UNLIMITED;

💡 Summary

Final Note

ORA-28011 is not an error you should ignore forever. If password security matters in your environment (and it usually should), consider keeping expiration policies in place—but document them well and set up alerts before expiry, so users aren’t surprised.