How to Change MySQL Password Policy Level

By Rahul2 Mins ReadUpdated:

The latest MySQL servers come with a validate password plugin. This plugin configures a password policy to make MySQL server more secure.

Advertisement

While changing the password, I got the error: ERROR 1819 (HY000): Your password does not satisfy the current policy requirements

Follow below tutorial to change password policy level for MySQL. Alternatively, you can also use this tutorial to remove the password policy plugin.

Change MySQL Password Policy

To change the default password policy level, we can change the settings at runtime using the command line or in the config file (my.cnf/mysqld.cnf) permanently.

Login to MySQL command prompt and execute the below query to view current settings of validate_password.

1
mysql> SHOW VARIABLES LIKE 'validate_password%';

Output 

+--------------------------------------+--------+
| Variable_name                        | Value  |
+--------------------------------------+--------+
| validate_password.check_user_name    | ON     |
| validate_password.dictionary_file    |        |
| validate_password.length             | 8      |
| validate_password.mixed_case_count   | 1      |
| validate_password.number_count       | 1      |
| validate_password.policy             | MEDIUM |
| validate_password.special_char_count | 1      |
+--------------------------------------+--------+
7 rows in set (0.01 sec)

The default level is MEDIUM, we can change it to LOW by using the below query. The LOW level required only password’s length to min 8 characters.

1
mysql> SET GLOBAL validate_password.policy=LOW;

Output 

Query OK, 0 rows affected (0.02 sec)

To make this setting permanent edit MySQL configuration (my.cnf) file and add below settings.

[mysqld]
validate_password.policy=LOW

Save the file and restart the MySQL service to apply changes.

MySQL password Policy
Share.

Related Posts

13 Comments

  3. Johnny on

    Adding

    [mysqld]
    validate_password_policy=2

    (or 0 for LOW) to my /etc/mysql/my.cnf file, or to my /etc/mysql/mysql.conf.d/mysql.cnf file alone did not work for me. When restarting mysql, I kept getting “Job for mysql.service failed because the control process exited with error code.” error. Then I added the plugin line (below) and restarted mysql, and it worked – my password policy changed on mysql startup. I got the idea from this bug report: https://bugs.mysql.com/bug.php?id=93959 and it worked for me. Hopefully this will help someone, before you pull out all your hair:

    Add to /etc/mysql/my.cnf
    [mysqld]
    plugin-load-add=validate_password.so
    validate_password_policy=2

    Then, on the Linux command line, type and execute:
    sudo service mysql restart

    and (hopefully) mysql will start without error. Verify your password policy by running this command in the mysql command line (with root access):
    SHOW VARIABLES LIKE ‘validate_password%’;

    and hopefully you will see validate_password_policy STRONG (or LOW, or whatever you have set in my.cnf) in the result set.

    Reply
  5. Gabriel Vila Real on

    Thank you for this useful tip!
    I used to have the root user with a blank password on my development environment. I need to set the full set of validation variables password on mysqld.cnf to it works again. On mysqld.cnf now I have:

    validate_password.check_user_name=OFF
    validate_password.dictionary_file=
    validate_password.length=0
    validate_password.mixed_case_count=0
    validate_password.number_count=0
    validate_password.policy=LOW
    validate_password.special_char_count=0

    Reply
  6. Frank on

    Hi there,
    thanks for direction, there is a typo, you have:
    mysql> SET GLOBAL validate_password_policy=LOW;
    it should be:
    mysql> SET GLOBAL validate_password.policy=LOW;
    (as visible from command:)
    SHOW VARIABLES LIKE ‘validate_password%’;

    All the best,

    Reply

Leave A Reply