How to Resolve ORA-28011: The Account Will Expire Soon;

3 min read

ADVERTISEMENT

If you work with Oracle Database, you may have seen this warning:

ORA-28011: the account will expire soon; change your password now

At first glance, this looks like an error—but it’s not. It’s actually a warning from Oracle telling you that your database user account password is about to expire.

Let’s understand why this happens and how you can fix it.

Why Does This Warning Appear?

Oracle databases use profiles to manage user accounts. These profiles contain rules that control how long a password remains valid.

  • Each user is linked to a profile.
  • That profile has a setting called PASSWORD_LIFE_TIME, which defines how many days a password can be used before it expires.
  • When your password is close to reaching this limit, Oracle shows the ORA-28011 warning.

For example:

  • If PASSWORD_LIFE_TIME = 90, you must change your password every 90 days.
  • Oracle usually shows the warning a few days before the actual expiry.

What Happens If You Ignore It?

If you don’t change your password before it expires:

  • Your account will be locked.
  • You won’t be able to log in until a DBA resets or unlocks it.

So it’s always better to take action as soon as you see this warning.

How to Fix ORA-28011

Option 1: Change Your Password Yourself

If you have permission, log in to SQL*Plus or any Oracle client tool and run:

ALTER USER your_username IDENTIFIED BY new_password;
  • Replace your_username with your Oracle username.
  • Replace new_password with your new password.

Once done, the warning will disappear because your password has been reset and the counter starts fresh.

Option 2: Ask Your DBA

If you don’t have rights to change your password, contact your Database Administrator (DBA). They can reset it for you using the same command.

Option 3: (For DBAs) Adjust Password Expiry Rules

If you’re a DBA and want to prevent frequent warnings, you can modify the profile settings.

To make passwords never expire (for users under the DEFAULT profile):

ALTER PROFILE DEFAULT LIMIT PASSWORD_LIFE_TIME UNLIMITED;

Or, to increase the duration (e.g., 180 days):

ALTER PROFILE DEFAULT LIMIT PASSWORD_LIFE_TIME 180;

⚠️ Important: Setting UNLIMITED is convenient but less secure. In production environments, use longer expiry times instead of disabling them completely.

How to Check Your Current Password Policy

Run this query to check the configured password lifetime:

SELECT * 
FROM dba_profiles 
WHERE profile = 'DEFAULT' 
AND resource_name = 'PASSWORD_LIFE_TIME';

This will tell you how long passwords remain valid in your environment.

Best Practices

  • For Users: Always change your password when you see this warning. Don’t wait until the last day.
  • For DBAs: Balance security and convenience by setting a reasonable password lifetime.
  • For Testing/Development: It’s fine to use UNLIMITED to avoid unnecessary interruptions.

Final Thoughts

The ORA-28011 warning isn’t an error—it’s a reminder. By changing your password or updating the profile settings, you can resolve it easily. Think of it as Oracle’s way of protecting your database and keeping accounts secure.

Next time you see:

ORA-28011: the account will expire soon; change your password now

you’ll know exactly what to do.

ADVERTISEMENT

Leave a Reply

Your email address will not be published. Required fields are marked *