starting from Oracle 12cR2 you need to configure password file to change SYS account password.

as you know when accessing the database as software owner (OS authentication), no need for password to be supplied. However, a default password is stored in the data dictionary so if you have a security compliance justification to change it then please follow the steps in this blog post.

its worth mentioning that “ALTER USER” system privilege when granted to a database account will enable him to alter any database account except for “SYS” (this security enhancement was introduced in 12cR2 and beyond). and makes sense now since Oracle requires a password file for password change !

ALTER USER system privilege in Oracle 12cR2

The following error will be thrown if you attempt to change the SYS password:

SQL> alter user sys identified by gigi78rq ;

alter user sys identified by gigi78rq

*

ERROR at line 1:

ORA-01994: Password file missing or disabled

1. first set init.ora parameter to the following

remote_login_passwordfile=exclusive

then restart the database

2. go to $ORACLE_HOME/dbs , then exeucte the following command to generate a password file:

orapwd file=orapwSID password=XXXXXX entries=3

3. verification query:

SQL> col username for a10

SQL> select username,sysdba,sysoper from v$pwfile_users;

4. after that execute the following command to reset the SYS password:

SQL> alter user sys identified by XXXXXX ;

5. you can then remove or rename the password file later.

6. change init.ora parameter back to remote_login_passwordfile=none and restart the database.