How to Change MySQL Password Policy Level on Linux

MySQL version 5.6.6 comes with a new security plugin called Password Validation Plugin. The validate_password plugin test password strength and improve security.

Sometimes while changing the password you got the error “ERROR 1819 (HY000): Your password does not satisfy the current policy requirements”

MySQL Policy

validate_password plugin have three level of security as below:

LOW: Length >= 8
MEDIUM (Default): Length >= 8, numeric, mixed case, and special characters
STRONG: Length >= 8, numeric, mixed case, special characters, and dictionary file

See Also:

This article will provide you a short explanation of password validation plugin functionalities.

Display Password Policy:

You can verify the current policy level using mention commands.

# mysql -u root -p
mysql> SHOW VARIABLES LIKE 'validate_password%';
+--------------------------------------+--------+
| Variable_name | Value |
+--------------------------------------+--------+
| validate_password_dictionary_file | |
| validate_password_length | 8 |
| validate_password_mixed_case_count | 1 |
| validate_password_number_count | 1 |
| validate_password_policy | MEDIUM |
| validate_password_special_char_count | 1 |
+--------------------------------------+--------+
6 rows in set (0.00 sec)

The default level is MEDIUM so you change it to LOW or STRONG.

Change Password Policy:

You can change the default password policy level at runtime using the command line. Here we are going to change the password policy
Method 1:

# mysql -u root -p
mysql> SET GLOBAL validate_password_policy=LOW;

Method 2:
There is another way to change the password policy. You can also use the MySQL configuration file to change the password policy.

# vim /etc/my.cnf

Add the mention line.

[mysqld]
validate_password_policy=LOW

Restart the MySQL service.

For CentOS/RHEL 7
# systemctl restart mysql
For CentOS/RHEL 6
# service mysql restart

Verify Password Policy:

After changing the password policy you can verify policy using mention command.

# mysql -u root -p
mysql> SHOW VARIABLES LIKE 'validate_password%';
+--------------------------------------+-------+
| Variable_name | Value |
+--------------------------------------+-------+
| validate_password_dictionary_file | |
| validate_password_length | 8 |
| validate_password_mixed_case_count | 1 |
| validate_password_number_count | 1 |
| validate_password_policy | LOW |
| validate_password_special_char_count | 1 |
+--------------------------------------+-------+
6 rows in set (0.00 sec)

You can also verify password policy by creating the user on MySQL.

# mysql -u root -p
mysql> create user 'dennis'@'localhost' identified by 'abcdefg';
ERROR 1819 (HY000): Your password does not satisfy the current policy requirements 
Create MySQL User

Set Password File:

You can also update the password file with password policy level. Here we are configuring password file with a STRONG password level.

# mysql -u root -p
mysql> SET GLOBAL validate_password_dictionary_file='/etc/my.cnf.d/passwordfile';
mysql> SET GLOBAL validate_password_policy=STRONG;
mysql> SHOW VARIABLES LIKE 'validate_password.%';
+--------------------------------------+----------------------------+
| Variable_name                        | Value                      |
+--------------------------------------+----------------------------+
| validate_password_dictionary_file    | /etc/my.cnf.d/passwordfile |
| validate_password_length             | 8                          |
| validate_password_mixed_case_count   | 1                          |
| validate_password_number_count       | 1                          |
| validate_password_policy             | STRONG                     |
| validate_password_special_char_count | 1                          |
+--------------------------------------+----------------------------+
6 rows in set (0.00 sec)

Reference:
https://dev.mysql.com/doc/refman/5.6/en/validate-password.html

Enjoy it!

Leave a Reply

Your email address will not be published.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.