Understanding ‘ora-28000: The Account Is Locked’ In Oracle

Understanding ‘ora-28000: The Account Is Locked’ In Oracle


Executive Summary


Oracle error ‘ora-28000’ indicates that a user account has been locked, preventing it from accessing the database. To resolve this, it is necessary to understand the reasons behind the account lockout and apply appropriate measures to unlock it. This article thoroughly analyzes the causes and solutions for ‘ora-28000’ errors, providing guidance on effectively managing user accounts in Oracle environments.



Oracle database systems employ robust security mechanisms to protect data integrity and user access. One such mechanism is the implementation of account lockouts, triggered when specific login attempts exceed a predefined threshold. These lockouts serve as a protective measure against unauthorized access and potential security breaches. Understanding the ‘ora-28000’ error and its resolution is crucial for ensuring uninterrupted database operations.


Root Causes of Account Lockouts

  • Incorrect Login Credentials: Multiple failed login attempts using invalid usernames or passwords can trigger account lockouts.

  • Brute Force Attacks: Automated scripts or malicious attempts to guess user credentials can lead to excessive login failures and account lockouts.

  • Network Issues: Unstable network connections or outages can disrupt login processes, resulting in perceived failed attempts and subsequent lockouts.

  • Middleware Failures: Integration issues between Oracle and middleware technologies, such as application servers, can hinder successful logins and contribute to lockouts.

Prevention and Mitigation Strategies

  • Strong Password Policies: Implement robust password requirements, including minimum length, complexity, and expiration intervals, to deter brute force attacks and improve account security.

  • Login Throttling: Configure account lockout thresholds to limit login attempts within a specific time frame, preventing rapid succession of failed logins.

  • Network Monitoring: Regularly monitor network connections and address any connectivity issues promptly to minimize the occurrence of failed logins due to network disruptions.

  • Middleware Integration Testing: Thoroughly test and optimize the integration between Oracle and middleware technologies to eliminate login failures caused by middleware issues.

Troubleshooting and Unlocking Accounts

  • Identifying the Locked Account: Utilize Oracle tools like SELECT USERNAME FROM DBA_USERS WHERE STATUS='LOCKED' to identify the locked user account.

  • Resetting Passwords: Reset the password for the locked account using the ALTER USER {username} IDENTIFIED BY {new_password} command.

  • Granting Privileges: Ensure that the unlocked account has the necessary privileges to access the database by granting appropriate roles and permissions.

  • Expiration and Failed Login Attempts: Check the account’s password expiration status and reset the password if it has expired. Additionally, verify the number of failed login attempts to determine the underlying cause of the lockout.

Identifying and Preventing Future Lockouts

  • Monitoring Login Attempts: Regularly monitor login logs to identify suspicious or excessive failed login attempts, indicating potential security risks.

  • Security Auditing: Conduct periodic security audits to detect vulnerabilities and strengthen account protection measures.

  • User Awareness and Training: Educate users about password security best practices and the consequences of repeated failed login attempts.

  • Multi-Factor Authentication: Implement multi-factor authentication mechanisms to add an extra layer of security and reduce the likelihood of account compromise.


Resolving ‘ora-28000’ errors requires a comprehensive understanding of the underlying causes and effective implementation of prevention and troubleshooting strategies. By adhering to strong password policies, implementing login throttling mechanisms, monitoring network connections, and optimizing middleware integration, database administrators can proactively prevent account lockouts. Furthermore, timely identification and unlocking of locked accounts, thorough investigation of root causes, and proactive measures to deter future lockouts are essential for maintaining secure and uninterrupted database operations.

Keyword Phrase Tags

  • Oracle Account Locked Error (ora-28000)
  • Failed Login Attempts and Account Lockouts
  • Troubleshooting Locked Accounts in Oracle
  • Preventing Account Lockouts with Oracle
  • Best Practices for Oracle User Account Security
Share this article
Shareable URL
Prev Post

Resolving ‘referenceerror: Can’t Find Variable’ In Javascript

Next Post

Solving ‘error In :0:0 Caused By: No Provider For’ In Angular

Comments 13
  1. Actually, you can also get this error if you try to connect to a database that is not running. The article should have mentioned this

  2. If you forgot your password, you can click on the “Forgot Password” link on the login page to reset it

  3. To prevent the ORA-28000 error from happening in the future, you can use a strong password and avoid entering it incorrectly multiple times. You can also set your account to lock after a certain number of failed login attempts

Dodaj komentarz

Twój adres e-mail nie zostanie opublikowany. Wymagane pola są oznaczone *

Read next