How to implement password policy on your MySQL databases

Check out how to use 'validate_password' to set up strong password policy to better protect your production database in 10 mins.

Watch Now >
Explore Cloud Managed RDS MySQL for FREE >

Official Documentation >

【Scripts】
Mysql 5.7

// weak password
create user test identified by 'admin';
Drop user test;

//check if validate_password is installed?
SELECT PLUGIN_NAME, PLUGIN_LIBRARY, PLUGIN_STATUS, LOAD_OPTION 
FROM INFORMATION_SCHEMA.PLUGINS 
WHERE PLUGIN_NAME = 'validate_password';

// install plugin
INSTALL PLUGIN validate_password SONAME 'validate_password.so';

// check status
select * from mysql.plugin;
SHOW GLOBAL VARIABLES LIKE 'validate_password%';

// test 
create user test identified by '123456';
create user test identified by 'Passw@rd1';
drop user test;

//change variables
SET GLOBAL validate_password_policy=LOW;

//uninstall
UNINSTALL PLUGIN  validate_password;

===========
MySQL 8.0

// weak password
create user test identified by 'administrator';
Drop user test;

// check if installed?
SELECT * FROM mysql.component;

// install the component
INSTALL COMPONENT 'file://component_validate_password';

// see system variables
show variables like 'validate_password%';
SHOW STATUS LIKE 'validate_password%';

// test
create user test identified by '123456';
create user test identified by 'Passw@rd1';
drop user test;

// change the variables
SET GLOBAL validate_password_policy=STRONG;

// uninstall
UNINSTALL COMPONENT 'file://component_validate_password';