MySQL ERROR 1819 (HY000): Your password does not satisfy the current policy requirements

BY SK · JUNE 1, 2020

As you might have noticed, you will be prompted to enable “VALIDATE PASSWORD” component while setting up password for MySQL root user. If enabled, the Validate Password component will automatically check the strength of the given password and enforces the users to set only those passwords which are secure enough. If you provide a weak password, you will encounter with an error like – “ERROR 1819 (HY000): Your password does not satisfy the current policy requirements.”. Technically speaking, it is not actually an error. This is a built-in security mechanism that notifies the users to provide only the strong passwords based on the current password policy requirements.

Let me show you an example. I log in to MySQL server as root user using command:

$ mysql -u root -p

Create a database user with a weak password:

mysql> create user 'ostechnix'@'localhost' identified by 'mypassword';

And I encounter with the following error:

ERROR 1819 (HY000): Your password does not satisfy the current policy requirements

See? The Validate Password components doesn’t allow me to create a user with a weak password (i.e. mypassword in thos case). You will keep getting this error until the password the requirements of the current password policy or you disable the Validate Password component. We will see how to do it in the following section.

Fix – MySQL ERROR 1819 (HY000): Your password does not satisfy the current policy requirements

There are three levels of password validation policy enforced when Validate Password is enabled:

• LOW Length >= 8 characters.
• MEDIUM Length >= 8, numeric, mixed case, and special characters.
• STRONG Length >= 8, numeric, mixed case, special characters and dictionary file.

Based on these policy levels, you need to set an appropriate password. For example, if the password validation policy is set to Medium, you must set a password that has at least 8 characters including a number, lowercase, uppercase and special characters.

First we need to  find the current password policy level. To do so, run the following command to show Password Validation Plugin system variables:

mysql> SHOW VARIABLES LIKE 'validate_password%';

Sample output:

+--------------------------------------+--------+
| Variable_name                        | Value  |
+--------------------------------------+--------+
| validate_password.check_user_name    | ON     |
| validate_password.dictionary_file    |        |
| validate_password.length             | 8      |
| validate_password.mixed_case_count   | 1      |
| validate_password.number_count       | 1      |
| validate_password.policy             | MEDIUM |
| validate_password.special_char_count | 1      |
+--------------------------------------+--------+
7 rows in set (0.09 sec)

As you can see, the currently enforced password level is Medium. So our password should be 8  characters long with a number, mixed case and special characters.

I am going to set this password – Password123#@! using command:

mysql> create user 'ostechnix'@'localhost' identified by 'Password123#@!';
Query OK, 0 rows affected (0.36 sec)

See? It works now! So, in order to fix the “ERROR 1819 (HY000)…” error, you need to enter a password as per the current password validation policy.

Change password validation policy

You can also solve the “ERROR 1819 (HY000)…” by setting up a lower level password policy.

To do so, run the following command from the mysql prompt:

mysql> SET GLOBAL validate_password.policy = 0;

Or,

mysql> SET GLOBAL validate_password.policy=LOW;

Then check if the password validation policy has been changed to low:

mysql> SHOW VARIABLES LIKE 'validate_password%';

Sample output:

+--------------------------------------+-------+
| Variable_name                        | Value |
+--------------------------------------+-------+
| validate_password.check_user_name    | ON    |
| validate_password.dictionary_file    |       |
| validate_password.length             | 8     |
| validate_password.mixed_case_count   | 1     |
| validate_password.number_count       | 1     |
| validate_password.policy             | LOW   |
| validate_password.special_char_count | 1     |
+--------------------------------------+-------+
7 rows in set (0.00 sec)

Now you can create a user with a weak password like below:

mysql> create user 'senthil'@'localhost' identified by 'password';

To revert back to MEDIUM level policy, simply run this command from mysql prompt:

mysql> SET GLOBAL validate_password.policy=MEDIUM;

If the password policy doesn’t change, exit from the mysql prompt and restart mysql service from your Terminal window:

$ sudo systemctl restart mysql

Now it should work.

Disable password validation policy

If you like to create users with weak password, simply disable the Validate Password component altogether and re-enable it back after creating the users.

Log in to the MySQL server:

$ mysql -u root -p

To temporarily disable Validate Password component, run the following command from mysql prompt:

mysql> UNINSTALL COMPONENT "file://component_validate_password";

Create the users with any password of your choice:

mysql> create user 'kumar'@'localhost' identified by '123456';

Finally, enable Validate Password component:

mysql> INSTALL COMPONENT "file://component_validate_password";

I personally don’t recommend changing the policy to lower level or disabling password policy. Be it a database user or normal user, always use a strong password with more than 8 characters including a number, mixed case, and spacial characters.

Related read: