you don't need to GRANT ALTER USER for that to work
Any user can issue the command ALTER USER myOwnName IDENTIFIED BY myNewPassword; You don't need to GRANT ALTER USER for that to work. You only need to GRANT ALTER USER if you want that user to be able to change other user accounts.
The ALTER USER command fails sometimes if the user is changing their password and their user account is linked to a profile with a password verification function. (The specifics were detailed on Oracle MetaLink in 2002 under my name.) If this occurs in your system, you may be forced to use the SQL*PLUS password command and stop using tools like OEM Secuity Manager since they use ALTER USER commands. The drawback is SQL*Plus PASSWORD command is unique to SQL*Plus - you cannot call it from within a stored procedure since stored procedures run in server memory and not in a client tool like SQL*Plus.