Fix – MySQL ERROR 1819 (HY000): Your password does not satisfy the current policy requirements.
As you might have noticed, you will be prompted to enable VALIDATE PASSWORD
component while setting up password for MySQL root
user. If enabled, the Validate Password component will automatically
check the strength of the given password and enforce the users to set
only the passwords that are secure enough. If you provide a weak
password, you will encounter with an error like this - ERROR 1819 (HY000): Your password does not satisfy the current policy requirements
.
Technically
speaking, it is not actually an error. This is a built-in security
mechanism that forces the users to provide only the strong passwords
based on the current password policy requirements.
Let me show you an example. I log in to MySQL server as root
user using command:
$ mysql -u root -p
Create a database user with a weak password:
mysql> create user 'ostechnix'@'localhost' identified by 'mypassword';
And I encounter with the following error:
ERROR 1819 (HY000): Your password does not satisfy the current policy requirements
See? The Validate Password
component doesn't allow me to create a user with a weak password (i.e. mypassword
in this case).
You will keep getting this error until the password meets the requirements of the current password policy or you disable the Validate Password
component. We will see how to do it in the following section.
Fix - MySQL ERROR 1819 (HY000): Your password does not satisfy the current policy requirements
There are three levels of password validation policy enforced when Validate Password
plugin is enabled:
- LOW Length >= 8 characters.
- MEDIUM Length >= 8, numeric, mixed case, and special characters.
- STRONG Length >= 8, numeric, mixed case, special characters and dictionary file.
Based
on these policy levels, you need to set an appropriate password. For
example, if the password validation policy is set to Medium, you must
set a password that has at least 8 characters including a number,
lowercase, uppercase and special characters.
First we need to
find the current password policy level. To do so, run the following
command to show Password Validation Plugin system variables:
mysql> SHOW VARIABLES LIKE 'validate_password%';
Sample output:
+--------------------------------------+--------+
| Variable_name | Value |
+--------------------------------------+--------+
| validate_password.check_user_name | ON |
| validate_password.dictionary_file | |
| validate_password.length | 8 |
| validate_password.mixed_case_count | 1 |
| validate_password.number_count | 1 |
| validate_password.policy | MEDIUM |
| validate_password.special_char_count | 1 |
+--------------------------------------+--------+
7 rows in set (0.09 sec)
As you can see, the currently enforced password level is Medium. So our password should be 8 characters long with a number, mixed case and special characters.
I am going to set this password - Password123#@!
using command:
mysql> create user 'ostechnix'@'localhost' identified by 'Password123#@!';
Query OK, 0 rows affected (0.36 sec)
See? It works now! So, in order to fix the "ERROR 1819 (HY000)...
" error, you need to enter a password as per the current password validation policy.
Change password validation policy in MySQL
You can also solve the "ERROR 1819 (HY000)...
" by setting up a lower level password policy.
To do so, run the following command from the mysql prompt:
mysql> SET GLOBAL validate_password.policy = 0;
Or,
mysql> SET GLOBAL validate_password.policy=LOW;
Then check if the password validation policy has been changed to low:
mysql> SHOW VARIABLES LIKE 'validate_password%';
Sample output:
+--------------------------------------+-------+
| Variable_name | Value |
+--------------------------------------+-------+
| validate_password.check_user_name | ON |
| validate_password.dictionary_file | |
| validate_password.length | 8 |
| validate_password.mixed_case_count | 1 |
| validate_password.number_count | 1 |
| validate_password.policy | LOW |
| validate_password.special_char_count | 1 |
+--------------------------------------+-------+
7 rows in set (0.00 sec)
Now you can create a user with a weak password like below:
mysql> create user 'senthil'@'localhost' identified by 'password';
To revert back to MEDIUM level policy, simply run this command from mysql prompt:
mysql> SET GLOBAL validate_password.policy=MEDIUM;
If the password policy doesn't change, exit from the mysql prompt and restart mysql service from your Terminal window:
$ sudo systemctl restart mysql
Now it should work.
Heads Up: One of our reader has pointed out that there is typo in the following command:
mysql> SET GLOBAL validate_password.policy=LOW;
It should be:
mysql> SET GLOBAL validate_password_policy=LOW;
Note
the underscore in the above command. Since I have deleted the setup, I
have no way of verifying this command. But I assume the command has been
changed in the newer versions of MySQL.
Disable password validation policy
If you like to create users with weak password, simply disable the Validate Password
component altogether and re-enable it back after creating the users.
Log in to the MySQL server:
$ mysql -u root -p
To temporarily disable Validate Password component, run the following command from MySQL prompt:
mysql> UNINSTALL COMPONENT "file://component_validate_password";
Create the users with any password of your choice:
mysql> create user 'kumar'@'localhost' identified by '123456';
Finally, enable Validate Password component:
mysql> INSTALL COMPONENT "file://component_validate_password";