As an Oracle veteran, one of the surprises Oracle 11g had in store for me, was password case-sensitivity.
One could have discovered it by reading thoroughly through the new features. But one was busy working on a startup idea, and discovered it the hard way.... as this feature comes with case sensitivity security enabled as the default, out-of-the-box.
So, now that the startup is sadly behind, and looking ahead at the future, it is time to record some points to remember:
The parameter: SEC_CASE_SENSITIVE_LOGON
tells of the password case-sensitivity status.
False - case insensitive passwords
True - case sensitive passwords
The DBA_USERS view includes a PASSWORD_VERSIONS column.
Users imported from ealier versions of the db, will have a "10G" (and maintain case insensitive passwords independent of the SEC_CASE_SENSITIVE_LOGON parameter setting).
But pay attention: the passwords of those users will adhere to the DB norm, once they are changed.