As you might have noticed, you will be prompted to enable "VALIDATE PASSWORD" component while setting up password for MySQL root user. If enabled, the Validate Password component will automatically check the strength of the given password and enforces the users to set only those passwords which are secure enough. If you provide a weak password, you will encounter with an error like - "ERROR 1819 (HY000): Your password does not satisfy the current policy requirements.". Technically speaking, it is not actually an error. This is a built-in security mechanism that notifies the users to provide only the strong passwords based on the current password policy requirements.
Let me show you an example. I log in to MySQL server as root user using command:
$ mysql -u root -p
Create a database user with a weak password:
mysql> create user 'ostechnix'@'localhost' identified by 'mypassword';
And I encounter with the following error:
ERROR 1819 (HY000): Your password does not satisfy the current policy requirements
See? The Validate Password components doesn't allow me to create a user with a weak password (i.e. mypassword in this case). You will keep getting this error until the password meets the requirements of the current password policy or you disable the Validate Password component. We will see how to do it in the following section.
Fix - MySQL ERROR 1819 (HY000): Your password does not satisfy the current policy requirements
There are three levels of password validation policy enforced when Validate Password is enabled:
- LOW Length >= 8 characters.
- MEDIUM Length >= 8, numeric, mixed case, and special characters.
- STRONG Length >= 8, numeric, mixed case, special characters and dictionary file.
Based on these policy levels, you need to set an appropriate password. For example, if the password validation policy is set to Medium, you must set a password that has at least 8 characters including a number, lowercase, uppercase and special characters.
First we need to find the current password policy level. To do so, run the following command to show Password Validation Plugin system variables:
mysql> SHOW VARIABLES LIKE 'validate_password%';
Sample output:
+--------------------------------------+--------+
| Variable_name | Value |
+--------------------------------------+--------+
| validate_password.check_user_name | ON |
| validate_password.dictionary_file | |
| validate_password.length | 8 |
| validate_password.mixed_case_count | 1 |
| validate_password.number_count | 1 |
| validate_password.policy | MEDIUM |
| validate_password.special_char_count | 1 |
+--------------------------------------+--------+
7 rows in set (0.09 sec)
As you can see, the currently enforced password level is Medium. So our password should be 8 characters long with a number, mixed case and special characters.
I am going to set this password - Password123#@! using command:
mysql> create user 'ostechnix'@'localhost' identified by 'Password123#@!'; Query OK, 0 rows affected (0.36 sec)
See? It works now! So, in order to fix the "ERROR 1819 (HY000)..." error, you need to enter a password as per the current password validation policy.
Change password validation policy
You can also solve the "ERROR 1819 (HY000)..." by setting up a lower level password policy.
To do so, run the following command from the mysql prompt:
mysql> SET GLOBAL validate_password.policy = 0;
Or,
mysql> SET GLOBAL validate_password.policy=LOW;
Then check if the password validation policy has been changed to low:
mysql> SHOW VARIABLES LIKE 'validate_password%';
Sample output:
+--------------------------------------+-------+
| Variable_name | Value |
+--------------------------------------+-------+
| validate_password.check_user_name | ON |
| validate_password.dictionary_file | |
| validate_password.length | 8 |
| validate_password.mixed_case_count | 1 |
| validate_password.number_count | 1 |
| validate_password.policy | LOW |
| validate_password.special_char_count | 1 |
+--------------------------------------+-------+
7 rows in set (0.00 sec)
Now you can create a user with a weak password like below:
mysql> create user 'senthil'@'localhost' identified by 'password';
To revert back to MEDIUM level policy, simply run this command from mysql prompt:
mysql> SET GLOBAL validate_password.policy=MEDIUM;
If the password policy doesn't change, exit from the mysql prompt and restart mysql service from your Terminal window:
$ sudo systemctl restart mysql
Now it should work.
Disable password validation policy
If you like to create users with weak password, simply disable the Validate Password component altogether and re-enable it back after creating the users.
Log in to the MySQL server:
$ mysql -u root -p
To temporarily disable Validate Password component, run the following command from mysql prompt:
mysql> UNINSTALL COMPONENT "file://component_validate_password";
Create the users with any password of your choice:
mysql> create user 'kumar'@'localhost' identified by '123456';
Finally, enable Validate Password component:
mysql> INSTALL COMPONENT "file://component_validate_password";
I personally don't recommend changing the policy to lower level or disabling password policy. Be it a database user or normal user, always use a strong password with more than 8 characters including a number, mixed case, and spacial characters.
Related read:
- Install Apache, MySQL, PHP (LAMP Stack) On Ubuntu 20.04 LTS
- Install Nginx, MySQL, PHP (LEMP Stack) On Ubuntu 20.04 LTS
Thanks for stopping by!
Help us to help you:
- Subscribe to our Email Newsletter : Sign Up Now
- Support OSTechNix : Donate Via PayPal
- Download free E-Books and Videos : OSTechNix on TradePub
- Connect with us: Reddit | Facebook | Twitter | LinkedIn | RSS feeds
Have a Good day!!
2 comments
Very Helpful blog, There is a small Typo please Correct it.
mysql> SET GLOBAL validate_password.policy=LOW; –> Typo not . it would be _
mysql> SET GLOBAL validate_password_policy=LOW;
Make sure SQL_LOG_BIN=0 if this database has any slave server that’s also affected.
MYSQL> SET SQL_LOG_BIN=0;
mysql> select @@SQL_LOG_BIN;
I was going to post that too UZZAL.
mysql> SET GLOBAL validate_password.policy=LOW;
should be…
mysql> SET GLOBAL validate_password_policy=LOW;
After this change worked for me. Thanks great article!