4.1.3 Authentication

Middle-tier applications log on to the database through application schemas rather than end-user accounts. Some individuals (IT administrators) may require direct access to the application database via their own schema.

This setting stops the database from accepting an insecure remote logon protocol. Make sure init.ora contains:

REMOTE_OS_AUTHENT=FALSE

Following an installation, the application database instance contains default, open schemas with default passwords. These accounts and corresponding passwords are well-known, and they should be changed, especially for a database to be used in a production environment.

Use the database PASSWORD command to change a password:

SQL> PASSWORD
or
SQL> PASSWORD USERNAME

Always use the PASSWORD command: if the ALTER USER syntax is used instead, the password is sent unencrypted over the network (unless Advanced Security Option is in use).

Metalink Patch note 4926128 contains a SQL script that lists all open accounts with default passwords in your database.

In addition, the passwords of the default accounts such as SYS and SYSTEM should be complex and stored securely by the bank.
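The checks described in this section, as an added SQL*Plus example that is not part of the original document or of the Metalink script it cites. It assumes DBA privileges, an Oracle release (11g or later) that provides the DBA_USERS_WITH_DEFPWD view, and uses <SCHEMA> as a placeholder for an account found in step 2.

```sql
-- Added example (not from the original document): verify the controls in
-- this section from a SQL*Plus session with DBA privileges.

-- 1. Confirm remote OS authentication is disabled.
--    Expected: remote_os_authent = FALSE, matching the init.ora setting above.
SELECT name, value
  FROM v$parameter
 WHERE name = 'remote_os_authent';

-- 2. List accounts that are both OPEN and still using a well-known default
--    password. DBA_USERS_WITH_DEFPWD (assumed available, 11g+) is maintained
--    by Oracle; the join to DBA_USERS drops accounts that cannot log on.
SELECT d.username, u.account_status, u.profile
  FROM dba_users_with_defpwd d
  JOIN dba_users u ON u.username = d.username
 WHERE u.account_status = 'OPEN'
 ORDER BY d.username;

-- 3. Lock and expire a default account the application does not need, so
--    its well-known password is unusable even if it is never changed.
--    <SCHEMA> is a placeholder for an account returned by step 2.
ALTER USER <SCHEMA> ACCOUNT LOCK PASSWORD EXPIRE;

-- 4. For accounts that must stay open (SYS, SYSTEM, the application schema),
--    change the password with the SQL*Plus PASSWORD command: it prompts for
--    the new value instead of sending it in clear text as ALTER USER would.
PASSWORD SYSTEM
```

Step 2 complements the script in Metalink note 4926128 rather than replacing it; run both where the release supports them.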