✓ Solved

MySQL managed database password policy

What is the password policy for MySQL (Linode managed database)?
Where is it documented?

This happened:

MySQL [(none)]> create user 'aaa'@'%' identified by 'Qe2lm90f4b8fAIxXWFxNnX5yZ2xfGh9ibDhuCQHImPxESxRbhuPv1GUpIEeSLyI' require ssl;
ERROR 1819 (HY000): Your password does not satisfy the current policy requirements

3 Replies

✓ Best Answer

The password policy for our Managed MySQL Databases is the same as the default for MySQL. Their documentation shows the following requirements:

  • The password must be a minimum of 8 characters long and contain at least 1 of each of the following:
    • 1 numeric character
    • 1 lowercase character
    • 1 uppercase character
    • 1 special (nonalphanumeric) character.

It appears the password you shared is missing a nonalphanumeric character.

I have also passed along a suggestion that we include this requirement in our documentation in the future.

I fired up a new server and installed MySQL 8.0. The password was accepted, so Linode's setup is not the default.

(Debian 11, https://dev.mysql.com/get/mysql-apt-config_0.8.22-1_all.deb)

From my testing, the password validation component (validate_password) that CassandraD shared above is not installed by default on all self-hosted MySQL 8 databases (at least the ones that I deployed). If your self-hosted MySQL 8 installation accepted that password, it is indeed likely that validate_password is not enabled (or is enabled but has different settings than our solution).

To determine if the validate_password component is enabled, run the following command:

SHOW VARIABLES LIKE 'validate_password%';

If the component is enabled, the output should include variables for each of the component's settings. For instance, here's the output when running this command on a Managed Database using MySQL v8.0:

+--------------------------------------+--------+
| Variable_name                        | Value  |
+--------------------------------------+--------+
| validate_password.check_user_name    | ON     |
| validate_password.dictionary_file    |        |
| validate_password.length             | 8      |
| validate_password.mixed_case_count   | 1      |
| validate_password.number_count       | 1      |
| validate_password.policy             | MEDIUM |
| validate_password.special_char_count | 1      |
+--------------------------------------+--------+

To summarize: Managed Databases using the MySQL 8.x database software come with the password validation component (validate_password) preconfigured, which is not enabled by default on fresh self-hosted MySQL 8 installations. This is the component that enforces the password requirements that CassandraD outlined.
