MySQL managed database password policy
What is the password policy for MySQL (Linode managed database)?
Where is it documented?
This happened:
MySQL [(none)]> create user 'aaa'@'%' identified by 'Qe2lm90f4b8fAIxXWFxNnX5yZ2xfGh9ibDhuCQHImPxESxRbhuPv1GUpIEeSLyI' require ssl;
ERROR 1819 (HY000): Your password does not satisfy the current policy requirements
3 Replies
✓ Best Answer
The password policy for our Managed MySQL Databases is the same as the default for MySQL. Their documentation shows the following requirements:
- The password must be a minimum of 8 characters long and contain at least 1 of each of the following:
  - 1 numeric character
  - 1 lowercase character
  - 1 uppercase character
  - 1 special (nonalphanumeric) character.
It appears the password you shared is missing a nonalphanumeric character.
I have also passed along a suggestion that we include this requirement in our documentation in the future.
I fired up a new server and installed MySQL 8.0. The password was accepted, so Linode's setup is not the default.
(Debian 11, https://dev.mysql.com/get/mysql-apt-config_0.8.22-1_all.deb)
From my testing, the password validation component (validate_password) that CassandraD shared above is not installed by default on all self-hosted MySQL 8 databases (at least the ones that I deployed). If your self-hosted MySQL 8 installation accepted that password, it is indeed likely that validate_password is not enabled (or is enabled but has different settings than our solution).
To determine if the validate_password component is enabled, run the following command:
SHOW VARIABLES LIKE 'validate_password%';
If the component is enabled, the output should include variables for each of the component's settings. For instance, here's the output when running this command on a Managed Database using MySQL v8.0:
+--------------------------------------+--------+
| Variable_name                        | Value  |
+--------------------------------------+--------+
| validate_password.check_user_name    | ON     |
| validate_password.dictionary_file    |        |
| validate_password.length             | 8      |
| validate_password.mixed_case_count   | 1      |
| validate_password.number_count       | 1      |
| validate_password.policy             | MEDIUM |
| validate_password.special_char_count | 1      |
+--------------------------------------+--------+
To summarize: Managed Databases using the MySQL 8.x database software come with the password validation component (validate_password) preconfigured, which is not enabled by default on fresh self-hosted MySQL 8 installations. This is the component that enforces the password requirements that CassandraD outlined.
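A client-side pre-check for the settings shown in the thread, as an added example that is not part of the original posts and is not MySQL's or Linode's code: it parses the SHOW VARIABLES table and reports which validate_password settings a candidate password fails before you send CREATE USER. The function names are hypothetical. It assumes Python's str methods approximate the server's character classes, and it leaves out check_user_name and the STRONG dictionary check.

```python
# Added example: function names are hypothetical, not MySQL or Linode code.
# Table copied from the SHOW VARIABLES output quoted in this thread.
SHOW_VARIABLES_OUTPUT = """
+--------------------------------------+--------+
| Variable_name                        | Value  |
+--------------------------------------+--------+
| validate_password.check_user_name    | ON     |
| validate_password.dictionary_file    |        |
| validate_password.length             | 8      |
| validate_password.mixed_case_count   | 1      |
| validate_password.number_count       | 1      |
| validate_password.policy             | MEDIUM |
| validate_password.special_char_count | 1      |
+--------------------------------------+--------+
"""

def parse_variables(table_text):
    """Turn mysql client table output into {variable_name: value}."""
    settings = {}
    for line in table_text.splitlines():
        cells = [c.strip() for c in line.strip().strip("|").split("|")]
        if len(cells) == 2 and cells[0].startswith("validate_password"):
            settings[cells[0]] = cells[1]
    return settings

def policy_failures(password, settings):
    """Return the names of the settings the password does not satisfy."""
    need = lambda key: int(settings["validate_password." + key])
    failures = []
    if len(password) < need("length"):
        failures.append("length")
    if settings["validate_password.policy"] == "LOW":
        return failures  # LOW tests length only
    # MEDIUM adds the character-class counts (STRONG's dictionary check is not modelled).
    have = {
        "mixed_case_count": min(sum(c.islower() for c in password),
                                sum(c.isupper() for c in password)),
        "number_count": sum(c.isdigit() for c in password),
        "special_char_count": sum(not c.isalnum() for c in password),
    }
    failures += [key for key, count in have.items() if count < need(key)]
    return failures

if __name__ == "__main__":
    settings = parse_variables(SHOW_VARIABLES_OUTPUT)
    # The password from the question in this thread.
    asked = "Qe2lm90f4b8fAIxXWFxNnX5yZ2xfGh9ibDhuCQHImPxESxRbhuPv1GUpIEeSLyI"
    print(policy_failures(asked, settings))
```

On a server where the component is installed, the server remains the authority: the result of this check is only a hint about which setting caused ERROR 1819.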