All Products
Search

This Product

    ApsaraDB for MyBase:Customize password policies

    Document Center

    ApsaraDB for MyBase:Customize password policies

    Last Updated:Mar 30, 2026

    ApsaraDB for MyBase supports custom password policies for MySQL 5.7 instances. Use the validate_password plug-in to enforce password complexity rules—minimum length, character composition, and strength level—for all database accounts on your instance.

    Prerequisites

    Before you begin, ensure that you have:

    How it works

    The validate_password plug-in intercepts password changes and validates them against configured rules before accepting the update. You control six parameters:

    • Whether the password can match the username

    • Minimum password length

    • Minimum number of digits

    • Minimum number of letters

    • Minimum number of special characters

    • Overall password strength level

    Configure these parameters in the ApsaraDB for MyBase console after installing the plug-in.

    Step 1: Install the validate_password plug-in

    1. Connect to your ApsaraDB MyBase for MySQL instance using the privileged account. For more information, see Use a database client or the CLI to connect to an ApsaraDB MyBase for MySQL instance and Create a database account.

    2. Run the following statement to install the plug-in:

      INSTALL PLUGIN validate_password SONAME 'validate_password.so';

    3. Run the following statement to verify the installation:

      SHOW GLOBAL VARIABLES LIKE 'validate_password%';

      If the plug-in is installed, the output lists the validate_password variables. Sample output

    Step 2: Configure password policy parameters

    Important

    Complete Step 1 before configuring these parameters. Parameters set without the plug-in installed have no effect.

    1. Log on to the ApsaraDB for MyBase console.

    2. In the upper-left corner, select a region.

    3. In the left-side navigation pane, choose Instances > MySQL.

    4. Find the instance and click Details in the Actions column. In the left-side navigation pane, click Parameters.

    5. Configure the following loose_validate_password parameters: For more information about these parameters, see the MySQL documentation. For more information about creating and managing accounts, see Create a database account.

      Parameter Description Allowed values Default
      loose_validate_password_check_user_name Whether the password can match the username. ON: allowed. OFF: not allowed. ON, OFF OFF
      validate_password_policy Password strength level. 0 (Low): checks length only. 1 (Medium): checks length, digits, letters, and special characters. 2 (Strict): same as 1—the dictionary file check is unavailable, so levels 1 and 2 enforce identical rules. 0, 1, 2 1
      validate_password_length Minimum password length. 0256 8
      validate_password_number_count Minimum number of digits. 0256 1
      validate_password_mixed_case_count Minimum number of letters. 0256 1
      validate_password_special_char_count Minimum number of special characters. 0256 1