As you might have noticed, you will be prompted to enable VALIDATE PASSWORD
component while setting up password for MySQL root user. If enabled, the Validate Password component will automatically check the strength of the given password and enforce the users to set only the passwords that are secure enough. If you provide a weak password, you will encounter with an error like this - ERROR 1819 (HY000): Your password does not satisfy the current policy requirements
.
Technically speaking, it is not actually an error. This is a built-in security mechanism that forces the users to provide only the strong passwords based on the current password policy requirements.
Let me show you an example. I log in to MySQL server as root
user using command:
$ mysql -u root -p
Create a database user with a weak password:
mysql> create user 'ostechnix'@'localhost' identified by 'mypassword';
And I encounter with the following error:
ERROR 1819 (HY000): Your password does not satisfy the current policy requirements
See? The Validate Password
component doesn't allow me to create a user with a weak password (i.e. mypassword
in this case).
You will keep getting this error until the password meets the requirements of the current password policy or you disable the Validate Password
component. We will see how to do it in the following section.
Fix - MySQL ERROR 1819 (HY000): Your password does not satisfy the current policy requirements
There are three levels of password validation policy enforced when Validate Password
plugin is enabled:
- LOW Length >= 8 characters.
- MEDIUM Length >= 8, numeric, mixed case, and special characters.
- STRONG Length >= 8, numeric, mixed case, special characters and dictionary file.
Based on these policy levels, you need to set an appropriate password. For example, if the password validation policy is set to Medium, you must set a password that has at least 8 characters including a number, lowercase, uppercase and special characters.
First we need to find the current password policy level. To do so, run the following command to show Password Validation Plugin system variables:
mysql> SHOW VARIABLES LIKE 'validate_password%';
Sample output:
+--------------------------------------+--------+
| Variable_name | Value |
+--------------------------------------+--------+
| validate_password.check_user_name | ON |
| validate_password.dictionary_file | |
| validate_password.length | 8 |
| validate_password.mixed_case_count | 1 |
| validate_password.number_count | 1 |
| validate_password.policy | MEDIUM |
| validate_password.special_char_count | 1 |
+--------------------------------------+--------+
7 rows in set (0.09 sec)
As you can see, the currently enforced password level is Medium. So our password should be 8 characters long with a number, mixed case and special characters.
I am going to set this password - Password123#@!
using command:
mysql> create user 'ostechnix'@'localhost' identified by 'Password123#@!'; Query OK, 0 rows affected (0.36 sec)
See? It works now! So, in order to fix the "ERROR 1819 (HY000)...
" error, you need to enter a password as per the current password validation policy.
Change password validation policy in MySQL
You can also solve the "ERROR 1819 (HY000)...
" by setting up a lower level password policy.
To do so, run the following command from the mysql prompt:
mysql> SET GLOBAL validate_password.policy = 0;
Or,
mysql> SET GLOBAL validate_password.policy=LOW;
Then check if the password validation policy has been changed to low:
mysql> SHOW VARIABLES LIKE 'validate_password%';
Sample output:
+--------------------------------------+-------+
| Variable_name | Value |
+--------------------------------------+-------+
| validate_password.check_user_name | ON |
| validate_password.dictionary_file | |
| validate_password.length | 8 |
| validate_password.mixed_case_count | 1 |
| validate_password.number_count | 1 |
| validate_password.policy | LOW |
| validate_password.special_char_count | 1 |
+--------------------------------------+-------+
7 rows in set (0.00 sec)
Now you can create a user with a weak password like below:
mysql> create user 'senthil'@'localhost' identified by 'password';
To revert back to MEDIUM level policy, simply run this command from mysql prompt:
mysql> SET GLOBAL validate_password.policy=MEDIUM;
If the password policy doesn't change, exit from the mysql prompt and restart mysql service from your Terminal window:
$ sudo systemctl restart mysql
Now it should work.
Heads Up: One of our reader has pointed out that there is typo in the following command:
mysql> SET GLOBAL validate_password.policy=LOW;
It should be:
mysql> SET GLOBAL validate_password_policy=LOW;
Note the underscore in the above command. Since I have deleted the setup, I have no way of verifying this command. But I assume the command has been changed in the newer versions of MySQL.
Disable password validation policy
If you like to create users with weak password, simply disable the Validate Password
component altogether and re-enable it back after creating the users.
Log in to the MySQL server:
$ mysql -u root -p
To temporarily disable Validate Password component, run the following command from MySQL prompt:
mysql> UNINSTALL COMPONENT "file://component_validate_password";
Create the users with any password of your choice:
mysql> create user 'kumar'@'localhost' identified by '123456';
Finally, enable Validate Password component:
mysql> INSTALL COMPONENT "file://component_validate_password";
I personally don't recommend changing the policy to lower level or disabling password policy. Be it a database user or normal user, always use a strong password with more than 8 characters including a number, mixed case, and spacial characters.
Conclusion
In this guide, we learned about one of the common MySQL error - ERROR 1819 (HY000): Your password does not satisfy the current policy requirements
and how to fix it in Linux. We also learned how to disable password policy to allow weak passwords in some cases. Personally I recommend you to use a strong password.
6 comments
Very Helpful blog, There is a small Typo please Correct it.
mysql> SET GLOBAL validate_password.policy=LOW; –> Typo not . it would be _
mysql> SET GLOBAL validate_password_policy=LOW;
Make sure SQL_LOG_BIN=0 if this database has any slave server that’s also affected.
MYSQL> SET SQL_LOG_BIN=0;
mysql> select @@SQL_LOG_BIN;
I was going to post that too UZZAL.
mysql> SET GLOBAL validate_password.policy=LOW;
should be…
mysql> SET GLOBAL validate_password_policy=LOW;
After this change worked for me. Thanks great article!
Gracias !!!
thank you
thank you very helpfull i only managed to change it when i disabled the policy the reactivate it
Its worked. I set priority to 0 “LOW” and all done. I’m on local server so, LOW is good for me.