ErrorNotes

Fix ERROR 1819 (HY000): Your password does not satisfy the current policy requirements in MySQL

beginner๐Ÿ—„๏ธ MySQL2026-06-02| MySQL 5.7+, MySQL 8.0+, Ubuntu/Debian/CentOS/RHEL, also triggered post mysql_secure_installation

Error Message

ERROR 1819 (HY000): Your password does not satisfy the current policy requirements
#mysql#password#security#mysql8

What just happened

You're running ALTER USER, CREATE USER, or SET PASSWORD and MySQL throws this at you:

ERROR 1819 (HY000): Your password does not satisfy the current policy requirements

Usually shows up right after a fresh MySQL install โ€” especially if you ran mysql_secure_installation and it enabled the validate_password plugin. The password you chose is technically valid SQL, but MySQL's password policy is blocking it.

Why MySQL rejects the password

MySQL 5.7 introduced validate_password as a plugin. MySQL 8.0 promoted it to a component. Either way, when it's active, every password change gets checked against a minimum strength requirement before it goes through.

Three policy levels exist:

  • LOW โ€” only checks length (default: 8 chars)
  • MEDIUM โ€” length + uppercase + lowercase + digits + special chars
  • STRONG โ€” everything in MEDIUM + password must not appear in a dictionary file

If you installed MySQL 8 and ran the secure installation wizard, there's a good chance it set policy to MEDIUM or STRONG.

Step 1: Check what policy is active

Log in as root, then run:

SHOW VARIABLES LIKE 'validate_password%';

MySQL 8.0 output looks like this:

+-------------------------------------------------+--------+
| Variable_name                                   | Value  |
+-------------------------------------------------+--------+
| validate_password.check_user_name               | ON     |
| validate_password.dictionary_file               |        |
| validate_password.length                        | 8      |
| validate_password.mixed_case_count              | 1      |
| validate_password.number_count                  | 1      |
| validate_password.policy                        | MEDIUM |
| validate_password.special_char_count            | 1      |
+-------------------------------------------------+--------+

On MySQL 5.7, variable names use underscores instead of dots: validate_password_policy, validate_password_length, etc.

Now you know exactly what you're fighting.

Quick fix: use a compliant password right now

Fastest path โ€” pick a password that satisfies the current policy. If policy is MEDIUM with default settings, your password needs:

  • At least 8 characters
  • At least 1 uppercase letter
  • At least 1 lowercase letter
  • At least 1 number
  • At least 1 special character (!@#$%^&* etc.)

Example: MyP@ssw0rd! โ€” ugly but it works for testing. For production, use something actually random. I use ToolCraft's password generator to get compliant random passwords instantly โ€” runs in the browser, nothing gets sent anywhere.

Verify the password will pass before running the full command:

SELECT VALIDATE_PASSWORD_STRENGTH('YourPasswordHere');

Returns 0โ€“100. A score of 50+ passes MEDIUM policy, 100 is required for STRONG.

Then apply it:

ALTER USER 'youruser'@'localhost' IDENTIFIED BY 'YourStr0ng!Pass';

Permanent fix: adjust the policy to match your needs

Running a local dev box or staging environment? STRONG policy is overkill. Drop it to LOW:

-- MySQL 8.0
SET GLOBAL validate_password.policy = LOW;
SET GLOBAL validate_password.length = 6;

-- MySQL 5.7
SET GLOBAL validate_password_policy = LOW;
SET GLOBAL validate_password_length = 6;

These changes take effect immediately but don't survive a MySQL restart. To persist them, add to your MySQL config โ€” /etc/mysql/mysql.conf.d/mysqld.cnf on Ubuntu/Debian, or /etc/my.cnf on RHEL/CentOS:

[mysqld]
validate_password.policy = LOW
validate_password.length = 6

Then restart:

sudo systemctl restart mysql

Option: disable validate_password completely

Local-only dev machine with no external access? Uninstall the component and skip the whole dance:

-- MySQL 8.0 (component)
UNINSTALL COMPONENT 'file://component_validate_password';

-- MySQL 5.7 (plugin)
UNINSTALL PLUGIN validate_password;

No more policy enforcement. Set whatever password you want.

Re-enable on MySQL 8.0 later:

INSTALL COMPONENT 'file://component_validate_password';

Verification

Policy change applied? Confirm it stuck:

SHOW VARIABLES LIKE 'validate_password%';

Then score your target password:

SELECT VALIDATE_PASSWORD_STRENGTH('yournewpassword');

Run the actual ALTER USER or CREATE USER command. No ERROR 1819 this time means you're done.

Common trap: dots vs underscores

MySQL 8.0 uses dot notation (validate_password.policy). MySQL 5.7 uses underscores (validate_password_policy). Mix them up and you'll get ERROR 1193: Unknown system variable โ€” a second error on top of the first. Check your version before copying commands:

SELECT VERSION();

Tips for production

Never disable validate_password on production. MEDIUM policy is the right balance โ€” it blocks weak passwords without requiring a dictionary file. Generate compliant passwords for every service account and store them in a secrets manager (Vault, AWS Secrets Manager) rather than a config file.

Password rotation gets tedious fast if you keep guessing formats that fail validation. Bookmark a generator you can configure โ€” ToolCraft's generator lets you dial in exact length and character requirements so every output passes your policy on the first try.

Related Error Notes

Fixing MySQL ERROR 1130: 'Host is not allowed to connect'

ERROR 1130 (HY000): Host '192.168.1.100' is not allowed to connect to this MySQL server

Fix MySQL ERROR 1264: Out of range value for column (Integer Overflow)

ERROR 1264 (22003): Out of range value for column 'age' at row 1

Fix ERROR 2003: Can't connect to MySQL Server on Host (Connection Refused)

ERROR 2003 (HY000): Can't connect to MySQL server on 'hostname' (111)