How to Change MySQL Password Policy Level

    RahulBy 2 Mins ReadUpdated:

    The latest MySQL servers come with a validate password plugin. This plugin configures a password policy to make MySQL server more secure.

    While changing the password, I got the error: ERROR 1819 (HY000): Your password does not satisfy the current policy requirements

    Follow below tutorial to change password policy level for MySQL. Alternatively, you can also use this tutorial to remove the password policy plugin.

    Change MySQL Password Policy

    To change the default password policy level, we can change the settings at runtime using the command line or in the config file (my.cnf/mysqld.cnf) permanently.

    Login to MySQL command prompt and execute the below query to view current settings of validate_password.

    1
    mysql> SHOW VARIABLES LIKE 'validate_password%';

    Output 
    
+--------------------------------------+--------+
| Variable_name                        | Value  |
+--------------------------------------+--------+
| validate_password.check_user_name    | ON     |
| validate_password.dictionary_file    |        |
| validate_password.length             | 8      |
| validate_password.mixed_case_count   | 1      |
| validate_password.number_count       | 1      |
| validate_password.policy             | MEDIUM |
| validate_password.special_char_count | 1      |
+--------------------------------------+--------+
7 rows in set (0.01 sec)

    The default level is MEDIUM, we can change it to LOW by using the below query. The LOW level required only password’s length to min 8 characters.

    1
    mysql> SET GLOBAL validate_password.policy=LOW;

    Output 
    
Query OK, 0 rows affected (0.02 sec)

    To make this setting permanent edit MySQL configuration (my.cnf) file and add below settings.

    [mysqld]
validate_password.policy=LOW

    Save the file and restart the MySQL service to apply changes.

    Share.

    Related Posts

    13 Comments

    3. Johnny on

      Adding

      [mysqld]
      validate_password_policy=2

      (or 0 for LOW) to my /etc/mysql/my.cnf file, or to my /etc/mysql/mysql.conf.d/mysql.cnf file alone did not work for me. When restarting mysql, I kept getting “Job for mysql.service failed because the control process exited with error code.” error. Then I added the plugin line (below) and restarted mysql, and it worked – my password policy changed on mysql startup. I got the idea from this bug report: https://bugs.mysql.com/bug.php?id=93959 and it worked for me. Hopefully this will help someone, before you pull out all your hair:

      Add to /etc/mysql/my.cnf
      [mysqld]
      plugin-load-add=validate_password.so
      validate_password_policy=2

      Then, on the Linux command line, type and execute:
      sudo service mysql restart

      and (hopefully) mysql will start without error. Verify your password policy by running this command in the mysql command line (with root access):
      SHOW VARIABLES LIKE ‘validate_password%’;

      and hopefully you will see validate_password_policy STRONG (or LOW, or whatever you have set in my.cnf) in the result set.

      Reply
    5. Gabriel Vila Real on

      Thank you for this useful tip!
      I used to have the root user with a blank password on my development environment. I need to set the full set of validation variables password on mysqld.cnf to it works again. On mysqld.cnf now I have:

      validate_password.check_user_name=OFF
      validate_password.dictionary_file=
      validate_password.length=0
      validate_password.mixed_case_count=0
      validate_password.number_count=0
      validate_password.policy=LOW
      validate_password.special_char_count=0

      Reply
    6. Frank on

      Hi there,
      thanks for direction, there is a typo, you have:
      mysql> SET GLOBAL validate_password_policy=LOW;
      it should be:
      mysql> SET GLOBAL validate_password.policy=LOW;
      (as visible from command:)
      SHOW VARIABLES LIKE ‘validate_password%’;

      All the best,

      Reply

    Leave A Reply