When creating a MySQL user with a relatively weak password, you might encounter the error ‘MySQL ERROR 1819 (HY000): Your password does not satisfy the current policy requirements’. Technically, this is not an error, but a notification that you are using a password that does not meet the recommended password policy requirements.
In other words, you are using a weak password that can easily be guessed or brute-forced. The built-in security mechanism discourages users from creating weak passwords which can render your database prone to breaches.
For example, I ran into the error when creating a user as shown
mysql> create user ‘tecmint’@’localhost’ IDENTIFIED BY ‘mypassword’;
It’s a no brainer that the password is extremely weak and can present a security risk.
How to Solve MySQL ERROR 1819 (HY000) in Linux
The MySQL database ships with a validate_password plugin which when enabled, enforces a password validation policy. There are 3 levels of password validation policy that are enforced by the plugin.
- LOW: Allows users to set a password of 8 or fewer characters.
- MEDIUM: Allows users to set a password of 8 or fewer characters with mixed cases and special characters.
- STRONG: Allows users to set a password that has all the attributes of a medium-level password with the inclusion of a dictionary file.
By default, the password policy is set to MEDIUM. You can confirm the password policy level, by executing the command:
$ SHOW VARIABLES LIKE 'validate_password%';
If you run the command and get the output empty set, then the plugin is not enabled yet.
To enable the validate_password plugin, run the commands below.
mysql> select plugin_name, plugin_status from information_schema.plugins where plugin_name like 'validate%'; mysql> install plugin validate_password soname 'validate_password.so';
To confirm that the plugin is activated, run the command.
mysql> select plugin_name, plugin_status from information_schema.plugins where plugin_name like 'validate%';
You should get the output shown below:
To resolve the issue, you need to set the password validation policy to the lowest level. I know this sounds counterintuitive as it creates an avenue for setting weak passwords which can ultimately cause your database to be compromised by hackers.
However, if you still insist on having your way, here’s what you can do.
How to Change MySQL Password Validation Policy
To resolve the MySQL ERROR 1819 (HY000) error, set a lower password validation policy as shown.
mysql> SET GLOBAL validate_password_policy=LOW; OR mysql> SET GLOBAL validate_password_policy=0;
You can thereafter confirm the password validation policy level.
$ SHOW VARIABLES LIKE 'validate_password%';
Now you can proceed and assign a relatively weak password as per your wish.
mysql> create user ‘tecmint’@’localhost’ IDENTIFIED BY ‘mypassword’;
To revert to the ‘MEDIUM’ password policy level, simply invoke the command:
mysql> SET GLOBAL validate_password_policy=MEDIUM;
Conclusion
Personally, I wouldn’t recommend setting a lower level password policy for obvious reasons. Whether it’s a normal user or a database user, it’s recommended to always set a strong MySQL password with more than 8 characters with a mix of uppercase, lowercase, numeric and special characters.
This guide is for the sake of those who want to know how to navigate such an error, otherwise, setting a strong password is always recommended.