{"id":3535,"date":"2020-04-28T10:04:38","date_gmt":"2020-04-28T09:04:38","guid":{"rendered":"http:\/\/dasini.net\/blog\/?p=3535"},"modified":"2020-05-20T11:02:09","modified_gmt":"2020-05-20T10:02:09","slug":"mysql-security-password-reuse-policy","status":"publish","type":"post","link":"https:\/\/dasini.net\/blog\/2020\/04\/28\/mysql-security-password-reuse-policy\/","title":{"rendered":"MySQL Security &#8211; Password Reuse Policy"},"content":{"rendered":"\n<p>When thinking about security within a MySQL installation, you can consider a wide range of possible procedures \/ best practices and how they affect the security of your MySQL server and related applications. <\/p>\n\n\n\n<p>MySQL provides many tools \/ features \/ plugins or components in order to protect your data including some advanced features like <a rel=\"noreferrer noopener\" href=\"http:\/\/dasini.net\/blog\/2018\/04\/10\/mysql-security-mysql-enterprise-transparent-data-encryption\/\" target=\"_blank\"><strong>Transparent Data Encryption<\/strong> (TDE)<\/a>,\u00a0<strong><a rel=\"noreferrer noopener\" href=\"http:\/\/dasini.net\/blog\/2018\/04\/04\/mysql-security-mysql-enterprise-audit\/\" target=\"_blank\">Audit<\/a><\/strong>, <strong><a rel=\"noreferrer noopener\" href=\"http:\/\/dasini.net\/blog\/2019\/03\/19\/mysql-security-mysql-enterprise-data-masking-and-de-identification\/\" target=\"_blank\">Data Masking &amp; De-Identification<\/a><\/strong>, <strong><a rel=\"noreferrer noopener\" href=\"http:\/\/dasini.net\/blog\/2018\/04\/16\/mysql-security-mysql-enterprise-firewall\/\" target=\"_blank\">Firewall<\/a><\/strong>, <strong><a aria-label=\" (opens in a new tab)\" href=\"http:\/\/dasini.net\/blog\/2020\/04\/15\/mysql-security-random-password-generation\/\" target=\"_blank\" rel=\"noreferrer noopener\" class=\"aioseop-link\">Random Password Generation<\/a><\/strong>, <a aria-label=\"Password Expiration Policy (opens in a new tab)\" href=\"http:\/\/dasini.net\/blog\/2020\/04\/21\/mysql-security-password-expiration-policy\/\" target=\"_blank\" rel=\"noreferrer noopener\" class=\"aioseop-link\"><strong>Password Expiration Policy<\/strong><\/a>, <strong><a aria-label=\" (opens in a new tab)\" href=\"http:\/\/dasini.net\/blog\/2020\/05\/05\/mysql-security-password-verification-required-policy\/\" target=\"_blank\" rel=\"noreferrer noopener\" class=\"aioseop-link\">Password Verification-Required Policy<\/a><\/strong>, <strong><a aria-label=\" (opens in a new tab)\" href=\"http:\/\/dasini.net\/blog\/2020\/05\/12\/mysql-security-failed-login-tracking-and-temporary-account-locking\/\" target=\"_blank\" rel=\"noreferrer noopener\" class=\"aioseop-link\">Failed-Login Tracking and Temporary Account Locking<\/a><\/strong>, <strong><strong><strong><strong><a href=\"http:\/\/dasini.net\/blog\/2020\/05\/19\/mysql-security-dual-password-support\/\" target=\"_blank\" aria-label=\" (opens in a new tab)\" rel=\"noreferrer noopener\" class=\"aioseop-link\">Dual Password Support<\/a><\/strong><\/strong><\/strong><\/strong>, <a rel=\"noreferrer noopener\" href=\"http:\/\/dasini.net\/blog\/2018\/03\/29\/mysql-security-the-connection-control-plugins\/\" target=\"_blank\">Connection-Control Plugins<\/a>, Password Validation Component, etc\u2026<\/p>\n\n\n\n<div class=\"wp-block-group\"><div class=\"wp-block-group__inner-container is-layout-flow wp-block-group-is-layout-flow\">\n<div class=\"wp-block-image\"><figure class=\"aligncenter\"><img data-recalc-dims=\"1\" decoding=\"async\" src=\"https:\/\/i0.wp.com\/dasini.net\/blog\/wp-content\/uploads\/MySQL_DB_Lock2.png\" alt=\"MySQL Security\"\/><\/figure><\/div>\n<\/div><\/div>\n\n\n\n<p>Basic password policy practices teaches us :<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>Each user must have a password<\/li><li>A user&rsquo;s password should be changed periodically<\/li><\/ul>\n\n\n\n<p>However, often this is not enough. Actually, some regulations may require&nbsp;that users can not reuse a previous password.<\/p>\n\n\n\n<p>You can do that by setting how often and \/ or how long an old password can be reuses. In this article, from my new MySQL Security series, we will see how to establish a policy for password reuse&nbsp;with MySQL 8.0&nbsp;Password Reuse Policy.<\/p>\n\n\n\n\n\n<hr class=\"wp-block-separator\"\/>\n\n\n\n<h3 class=\"wp-block-heading\">TL;DR<\/h3>\n\n\n\n<p class=\"has-text-color has-vivid-cyan-blue-color\">MySQL provides password-reuse capability, which allows database administrators to determine the number of unique passwords a user must use before they can use an old password again.<\/p>\n\n\n\n\n\n<figure class=\"wp-block-embed-youtube wp-block-embed is-type-video is-provider-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\">\n<iframe loading=\"lazy\" title=\"Enable restrictions on reuse of previous passwords with MySQL\" width=\"500\" height=\"281\" src=\"https:\/\/www.youtube.com\/embed\/4z6-dlGT-Mc?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe>\n<\/div><figcaption>Enable restrictions on reuse of previous passwords with MySQL<\/figcaption><\/figure>\n\n\n\n<hr class=\"wp-block-separator\"\/>\n\n\n\n\n\n<p>The main goal of <strong><a rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\" href=\"https:\/\/dev.mysql.com\/doc\/refman\/8.0\/en\/password-management.html#password-reuse-policy\" target=\"_blank\">Password Reuse Policy<\/a><\/strong> is to enable restrictions to be placed on reuse of previous passwords.<br>It can be established globally, and individual accounts can be set to either defer to the global policy or override the global policy with specific per-account behavior.<\/p>\n\n\n\n<p>There are different clauses a DBA can use with <strong><em>CREATE USER<\/em><\/strong> or <strong><em>ALTER USER<\/em><\/strong> to establish a per account password reuse policy.<\/p>\n\n\n\n<p>Let\u2019s dig into it using MySQL 8.0.<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>$ mysqlsh daz@localhost --sql\n\nMySQL SQL> SELECT VERSION();\n+-----------+\n| VERSION() |\n+-----------+\n| 8.0.19    |\n+-----------+<\/code><\/pre>\n\n\n\n\n\n<h2 class=\"wp-block-heading\">PASSWORD HISTORY<\/h2>\n\n\n\n<p>Prohibit reusing any of the last 10 (then 24) passwords :<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>MySQL SQL> \nCREATE USER 'aUser'@'localhost' PASSWORD HISTORY 10;\n\n\nSELECT user, host, password_reuse_history, password_last_changed FROM mysql.user WHERE user = 'aUser'\\G\n*************************** 1. row ***************************\n                  user: aUser\n                  host: localhost\npassword_reuse_history: 10\n password_last_changed: 2020-04-03 09:45:45\n\n\nALTER USER 'aUser'@'localhost' PASSWORD HISTORY 24;\n\n\nSELECT user, host, password_reuse_history, password_last_changed FROM mysql.user WHERE user = 'aUser'\\G\n*************************** 1. row ***************************\n                  user: aUser\n                  host: localhost\npassword_reuse_history: 24\n password_last_changed: 2020-04-03 09:45:45<\/code><\/pre>\n\n\n\n\n\n<h2 class=\"wp-block-heading\">PASSWORD REUSE INTERVAL n DAY<\/h2>\n\n\n\n<p>Require a minimum of 180 (then 365) days elapsed before permitting reuse :<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>MySQL SQL> \nCREATE USER 'bUser'@'localhost' PASSWORD REUSE INTERVAL 180 DAY;\n\n\nSELECT user, host, password_reuse_time, password_last_changed FROM mysql.user WHERE user = 'bUser'\\G\n*************************** 1. row ***************************\n                 user: bUser\n                 host: localhost\n  password_reuse_time: 180\npassword_last_changed: 2020-04-03 10:03:20\n\n\nALTER USER 'bUser'@'localhost' PASSWORD REUSE INTERVAL 365 DAY;\n\n\nSELECT user, host, password_reuse_time, password_last_changed FROM mysql.user WHERE user = 'bUser'\\G\n*************************** 1. row ***************************\n                 user: bUser\n                 host: localhost\n  password_reuse_time: 365\npassword_last_changed: 2020-04-03 10:03:20<\/code><\/pre>\n\n\n\n\n\n<h2 class=\"wp-block-heading\">Combine types of reuse restrictions<\/h2>\n\n\n\n<p>It is also possible to combine both types of reuse restrictions. <br>Simply use <strong>PASSWORD HISTORY<\/strong> and <strong>PASSWORD REUSE INTERVAL<\/strong> n <strong>DAY<\/strong> together :<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>MySQL SQL> \nCREATE USER 'cUser'@'localhost' \n  PASSWORD HISTORY 5 \n  PASSWORD REUSE INTERVAL 180 DAY;\n\n\nSELECT user, host, password_reuse_history, password_reuse_time, password_last_changed FROM mysql.user WHERE user = 'cUser'\\G\n*************************** 1. row ***************************\n                  user: cUser\n                  host: localhost\npassword_reuse_history: 5\n   password_reuse_time: 180\n password_last_changed: 2020-04-03 10:11:31\n\n\nALTER USER 'cUser'@'localhost' \n  PASSWORD HISTORY 10 \n  PASSWORD REUSE INTERVAL 365 DAY;\n\n\nSELECT user, host, password_reuse_history, password_reuse_time, password_last_changed FROM mysql.user WHERE user = 'cUser'\\G\n*************************** 1. row ***************************\n                  user: cUser\n                  host: localhost\npassword_reuse_history: 10\n   password_reuse_time: 365\n password_last_changed: 2020-04-03 10:11:31<\/code><\/pre>\n\n\n\n\n\n<h2 class=\"wp-block-heading\">Global Policy<\/h2>\n\n\n\n<p>Reuse policy can be established globally, as specified by the <em><strong><a href=\"https:\/\/dev.mysql.com\/doc\/refman\/8.0\/en\/server-system-variables.html#sysvar_password_history\" target=\"_blank\" rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\">password_history<\/a><\/strong><\/em> and <em><strong><a href=\"https:\/\/dev.mysql.com\/doc\/refman\/8.0\/en\/server-system-variables.html#sysvar_password_reuse_interval\" target=\"_blank\" rel=\"noreferrer noopener\" aria-label=\" (opens in a new tab)\">password_reuse_interval<\/a><\/strong><\/em> system variables.<\/p>\n\n\n\n<p>The default <em><strong>password_history<\/strong><\/em> value is <strong>0<\/strong>, which disables automatic password expiration. <br>Same for <em><strong>password_reuse_interval<\/strong><\/em>.<\/p>\n\n\n\n<p><em><strong>password_history<\/strong><\/em> and <em><strong>password_reuse_interval<\/strong><\/em> variables can be set in the MySQL configuration file (usually my.cnf or my.ini) but it can also be set and persisted at runtime using <em><strong>SET PERSIST<\/strong><\/em> :<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>SET PERSIST password_history = 10;\n\nSET PERSIST password_reuse_interval = 365;\n\n\nSHOW VARIABLES WHERE Variable_name IN ('password_history','password_reuse_interval');\n+-------------------------+-------+\n| Variable_name           | Value |\n+-------------------------+-------+\n| password_history        | 10    |\n| password_reuse_interval | 365   |\n+-------------------------+-------+<\/code><\/pre>\n\n\n\n<p>The same behavior can be achieved using the my.cnf (or my.ini) file :<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>&#91;mysqld]\npassword_history = 10\npassword_reuse_interval = 365<\/code><\/pre>\n\n\n\n<p>However it requires a server restart.<\/p>\n\n\n\n\n\n<p>To defer the global policy for an account for both types of reuse restrictions you must use the <strong><em>DEFAULT<\/em><\/strong> clause :<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>MySQL SQL> \nCREATE USER olivier@localhost\n  PASSWORD HISTORY DEFAULT\n  PASSWORD REUSE INTERVAL DEFAULT;\n\n\nALTER USER ethan@localhost\n  PASSWORD HISTORY DEFAULT\n  PASSWORD REUSE INTERVAL DEFAULT;<\/code><\/pre>\n\n\n\n\n\n<p>To establish a global policy such that none of these restriction exist, set <em><strong>password_history<\/strong><\/em> and <em><strong>password_reuse_interval<\/strong><\/em> to <strong>0<\/strong> :<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>MySQL SQL> \nSET PERSIST password_history = 0;\n\nSET PERSIST password_reuse_interval = 0;\n\n\nSHOW VARIABLES WHERE Variable_name IN ('password_history','password_reuse_interval');\n+-------------------------+-------+\n| Variable_name           | Value |\n+-------------------------+-------+\n| password_history        | 0     |\n| password_reuse_interval | 0     |\n+-------------------------+-------+<\/code><\/pre>\n\n\n\n\n\n<p>Please note that the empty password does not count in the password history and is subject to reuse at any time.<\/p>\n\n\n\n\n\n\n\n<h2 class=\"wp-block-heading\">To Go Further<\/h2>\n\n\n\n<div class=\"wp-block-group\"><div class=\"wp-block-group__inner-container is-layout-flow wp-block-group-is-layout-flow\">\n<div class=\"wp-block-group\"><div class=\"wp-block-group__inner-container is-layout-flow wp-block-group-is-layout-flow\">\n<p><strong><a rel=\"noreferrer noopener\" href=\"https:\/\/www.youtube.com\/channel\/UC12TulyJsJZHoCmby3Nm3WQ\" target=\"_blank\" class=\"aioseop-link\"><span style=\"text-decoration: underline;\">Olivier&rsquo;s MySQL Channel<\/span><\/a><\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><a href=\"https:\/\/youtu.be\/k4K-scd4oI0\" target=\"_blank\" rel=\"noreferrer noopener\" title=\"Establish a policy for password expiration with MySQL\">Establish a policy for password expiration with MySQL<\/a><\/li><li><a href=\"https:\/\/youtu.be\/VND0KvuX7bc\" target=\"_blank\" rel=\"noreferrer noopener\" title=\"Create users with a random password in MySQL\">Create users with a random password in MySQL<\/a><\/li><li><a href=\"https:\/\/www.youtube.com\/watch?v=4z6-dlGT-Mc\" target=\"_blank\" rel=\"noreferrer noopener\" title=\"Enable restrictions on reuse of previous passwords with MySQL\">Enable restrictions on reuse of previous passwords with MySQL<\/a><\/li><li><a href=\"https:\/\/www.youtube.com\/watch?v=1RwlU14TDWk\" target=\"_blank\" rel=\"noreferrer noopener\" title=\"Require MySQL users to provide their current password to change it\">Require MySQL users to provide their current password to change it<\/a><\/li><li><a href=\"https:\/\/www.youtube.com\/watch?v=6HO_ciRbiXw\" target=\"_blank\" rel=\"noreferrer noopener\" title=\"Temporary Account Locking in MySQL\">Temporary Account Locking in MySQL<\/a><\/li><\/ul>\n\n\n<\/div><\/div>\n<\/div><\/div>\n\n\n\n<p><strong><span style=\"text-decoration: underline;\">Reference Manual<\/span><\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><a rel=\"noreferrer noopener\" aria-label=\"Password Reuse Policy? (opens in a new tab)\" href=\"https:\/\/dev.mysql.com\/doc\/refman\/8.0\/en\/password-management.html#password-reuse-policy\" target=\"_blank\">Password Reuse Policy<\/a><\/li><li><a href=\"https:\/\/dev.mysql.com\/doc\/refman\/8.0\/en\/server-system-variables.html#sysvar_password_history\" target=\"_blank\" rel=\"noreferrer noopener\" aria-label=\"password_history? (opens in a new tab)\">password_history<\/a><\/li><li><a href=\"https:\/\/dev.mysql.com\/doc\/refman\/8.0\/en\/server-system-variables.html#sysvar_password_reuse_interval\" target=\"_blank\" rel=\"noreferrer noopener\" aria-label=\"password_reuse_interval (opens in a new tab)\">password_reuse_interval<\/a><\/li><\/ul>\n\n\n\n\n\n<div class=\"wp-block-group\"><div class=\"wp-block-group__inner-container is-layout-flow wp-block-group-is-layout-flow\">\n<p><strong><span style=\"text-decoration: underline;\">MySQL Security<\/span><\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><a href=\"https:\/\/dev.mysql.com\/doc\/mysql-security-excerpt\/8.0\/en\/\">Security in MySQL<\/a><\/li><li><a href=\"https:\/\/dev.mysql.com\/doc\/mysql-secure-deployment-guide\/8.0\/en\/\" target=\"_blank\" rel=\"noreferrer noopener\" aria-label=\"MySQL 8.0 Secure Deployment Guide? (opens in a new tab)\">MySQL 8.0 Secure Deployment Guide<\/a><\/li><li><a href=\"https:\/\/dev.mysql.com\/doc\/refman\/8.0\/en\/security.html\" target=\"_blank\" rel=\"noreferrer noopener\" aria-label=\"MySQL 8.0 Reference Manual \u2013 Security (opens in a new tab)\">MySQL 8.0 Reference Manual \u2013 Security<\/a><\/li><\/ul>\n<\/div><\/div>\n\n\n\n\n\n<div class=\"wp-block-group\"><div class=\"wp-block-group__inner-container is-layout-flow wp-block-group-is-layout-flow\">\n<p><strong><span style=\"text-decoration: underline;\">MySQL Security Serie &#8211; Password Management<\/span><\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><a aria-label=\"Random Password Generation? (opens in a new tab)\" href=\"http:\/\/dasini.net\/blog\/2020\/04\/15\/mysql-security-random-password-generation\/\" target=\"_blank\" rel=\"noreferrer noopener\" class=\"aioseop-link\">Random Password Generation<\/a><\/li><li><a aria-label=\"Password Expiration Policy? (opens in a new tab)\" href=\"http:\/\/dasini.net\/blog\/2020\/04\/21\/mysql-security-password-expiration-policy\/\" target=\"_blank\" rel=\"noreferrer noopener\" class=\"aioseop-link\">Password Expiration Policy<\/a><\/li><li><a aria-label=\"Password Reuse Policy? (opens in a new tab)\" href=\"http:\/\/dasini.net\/blog\/2020\/04\/28\/mysql-security-password-reuse-policy\/\" target=\"_blank\" rel=\"noreferrer noopener\" class=\"aioseop-link\">Password Reuse Policy<\/a><\/li><li><a aria-label=\"Password Verification-Required Policy? (opens in a new tab)\" href=\"http:\/\/dasini.net\/blog\/2020\/05\/05\/mysql-security-password-verification-required-policy\/\" target=\"_blank\" rel=\"noreferrer noopener\" class=\"aioseop-link\">Password Verification-Required Policy<\/a><\/li><li><a aria-label=\"Failed-Login Tracking and Temporary Account Locking? (opens in a new tab)\" href=\"http:\/\/dasini.net\/blog\/2020\/05\/12\/mysql-security-failed-login-tracking-and-temporary-account-locking\/\" target=\"_blank\" rel=\"noreferrer noopener\" class=\"aioseop-link\">Failed-Login Tracking and Temporary Account Locking<\/a><\/li><li><a href=\"http:\/\/dasini.net\/blog\/2020\/05\/19\/mysql-security-dual-password-support\/\" target=\"_blank\" aria-label=\"Dual Password Support (opens in a new tab)\" rel=\"noreferrer noopener\" class=\"aioseop-link\">Dual Password Support<\/a><\/li><\/ul>\n\n\n<\/div><\/div>\n\n\n\n<p><strong><span style=\"text-decoration: underline;\">MySQL Security Serie<\/span> (1st edition)<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\"><li> <a rel=\"noreferrer noopener\" href=\"http:\/\/dasini.net\/blog\/2018\/03\/01\/mysql-security-password-validation-plugin\/\" target=\"_blank\">Password Validation Plugin<\/a><\/li><li> <a rel=\"noreferrer noopener\" href=\"http:\/\/dasini.net\/blog\/2018\/03\/07\/mysql-security-password-management\/\" target=\"_blank\">Password Management<\/a><\/li><li> <a rel=\"noreferrer noopener\" href=\"http:\/\/dasini.net\/blog\/2018\/03\/14\/mysql-security-user-account-locking\/\" target=\"_blank\">User Account Locking<\/a><\/li><li> <a rel=\"noreferrer noopener\" href=\"http:\/\/dasini.net\/blog\/2018\/03\/29\/mysql-security-the-connection-control-plugins\/\" target=\"_blank\">The Connection-Control Plugins<\/a><\/li><li> <a rel=\"noreferrer noopener\" href=\"http:\/\/dasini.net\/blog\/2018\/04\/04\/mysql-security-mysql-enterprise-audit\/\" target=\"_blank\">Enterprise Audit<\/a><\/li><li> <a rel=\"noreferrer noopener\" href=\"http:\/\/dasini.net\/blog\/2018\/04\/10\/mysql-security-mysql-enterprise-transparent-data-encryption\/\" target=\"_blank\">Enterprise Transparent Data Encryption (TDE)<\/a><\/li><li> <a rel=\"noreferrer noopener\" href=\"http:\/\/dasini.net\/blog\/2018\/04\/16\/mysql-security-mysql-enterprise-firewall\/\" target=\"_blank\">Enterprise Firewall<\/a><\/li><li> <a rel=\"noreferrer noopener\" href=\"http:\/\/dasini.net\/blog\/2019\/03\/19\/mysql-security-mysql-enterprise-data-masking-and-de-identification\/\" target=\"_blank\">Enterprise Data Masking and De-Identification<\/a> <\/li><\/ul>\n\n\n\n\n\n\n\n<div style=\"height:75px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p class=\"has-vivid-red-color has-text-color\"><strong>Thanks for using MySQL!<\/strong><\/p>\n\n\n\n<div style=\"height:25px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<div style=\"height:20px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p><a href=\"https:\/\/www.linkedin.com\/groups\/12524512\/\" target=\"_blank\" rel=\"noopener\" title=\"Olivier DASINI on Linkedin\">Follow me on Linkedin<\/a><\/p>\n\n\n\n<p>Watch my videos on my <a href=\"https:\/\/www.youtube.com\/channel\/UC12TulyJsJZHoCmby3Nm3WQ\" target=\"_blank\" rel=\"noreferrer noopener\" title=\"Olivier's MySQL Channel\">YouTube channel<\/a> and <a href=\"https:\/\/www.youtube.com\/channel\/UC12TulyJsJZHoCmby3Nm3WQ\/?sub_confirmation=1\" target=\"_blank\" rel=\"noreferrer noopener\" title=\"Subscribe\">subscribe<\/a>.<\/p>\n\n\n\n<p>My <a href=\"https:\/\/www.slideshare.net\/freshdaz\" target=\"_blank\" rel=\"noreferrer noopener\" title=\"Olivier DASINI on Slideshare\">Slideshare account<\/a>.<\/p>\n\n\n\n<p>My <a href=\"https:\/\/speakerdeck.com\/freshdaz\/\" target=\"_blank\" rel=\"noreferrer noopener\" title=\"Olivier DASINI on Speaker Deck\">Speaker Deck account<\/a>.<\/p>\n\n\n\n<div style=\"height:25px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<p class=\"has-vivid-red-color has-text-color\"><strong>Thanks for using HeatWave &amp; MySQL!<\/strong><\/p>\n","protected":false},"excerpt":{"rendered":"<p>MySQL provides password-reuse capability, which allows database administrators to determine the number of unique passwords a user must use before they can use an old password again.<\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"jetpack_post_was_ever_published":false,"footnotes":""},"categories":[203,365,339],"tags":[689,1628,690,367],"class_list":["post-3535","post","type-post","status-publish","format-standard","hentry","category-mysql-en","category-security","category-tuto-en","tag-hipaa","tag-password-reuse","tag-pci-dss","tag-security"],"aioseo_notices":[],"jetpack_featured_media_url":"","jetpack_sharing_enabled":true,"jetpack_shortlink":"https:\/\/wp.me\/p9LfWW-V1","jetpack-related-posts":[{"id":3557,"url":"https:\/\/dasini.net\/blog\/2020\/04\/15\/mysql-security-random-password-generation\/","url_meta":{"origin":3535,"position":0},"title":"MySQL Security &#8211; Random Password Generation","author":"Olivier DASINI","date":"15 avril 2020","format":false,"excerpt":"MySQL has the capability of generating random passwords for user accounts, as an alternative to requiring explicit administrator-specified literal passwords.","rel":"","context":"Dans &quot;MySQL&quot;","block_context":{"text":"MySQL","link":"https:\/\/dasini.net\/blog\/category\/mysql-en\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/img.youtube.com\/vi\/VND0KvuX7bc\/0.jpg?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":3567,"url":"https:\/\/dasini.net\/blog\/2020\/05\/19\/mysql-security-dual-password-support\/","url_meta":{"origin":3535,"position":1},"title":"MySQL Security &#8211; Dual Password Support","author":"Olivier DASINI","date":"19 mai 2020","format":false,"excerpt":"Dual-password capability makes it possible to seamlessly perform credential changes without downtime.","rel":"","context":"Dans &quot;MySQL&quot;","block_context":{"text":"MySQL","link":"https:\/\/dasini.net\/blog\/category\/mysql-en\/"},"img":{"alt_text":"","src":"","width":0,"height":0},"classes":[]},{"id":3561,"url":"https:\/\/dasini.net\/blog\/2020\/05\/05\/mysql-security-password-verification-required-policy\/","url_meta":{"origin":3535,"position":2},"title":"MySQL Security &#8211; Password Verification-Required Policy","author":"Olivier DASINI","date":"5 mai 2020","format":false,"excerpt":"MySQL 8.0 has introduced an optional behavior that authorize users to change their password only if they could provide the current password.","rel":"","context":"Dans &quot;MySQL&quot;","block_context":{"text":"MySQL","link":"https:\/\/dasini.net\/blog\/category\/mysql-en\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/img.youtube.com\/vi\/1RwlU14TDWk\/0.jpg?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":2136,"url":"https:\/\/dasini.net\/blog\/2018\/03\/01\/mysql-security-password-validation-plugin\/","url_meta":{"origin":3535,"position":3},"title":"MySQL Security \u2013 Password Validation Plugin","author":"Olivier DASINI","date":"1 mars 2018","format":false,"excerpt":"In this article, 1st of a MySQL 5.7 Security series, we will see how to enforce Strong Passwords with Password Validation Plugin when using MySQL 5.7. Authentication with ID and password is a very simple and common (because it\u2019s simple) way to secure the access to a resource, however the\u2026","rel":"","context":"Dans &quot;MySQL&quot;","block_context":{"text":"MySQL","link":"https:\/\/dasini.net\/blog\/category\/mysql-en\/"},"img":{"alt_text":"MySQL Security","src":"https:\/\/i0.wp.com\/dasini.net\/blog\/wp-content\/uploads\/MySQL_DB_Lock2.png?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":2156,"url":"https:\/\/dasini.net\/blog\/2018\/03\/07\/mysql-security-password-management\/","url_meta":{"origin":3535,"position":4},"title":"MySQL Security \u2013 Password Management","author":"Olivier DASINI","date":"7 mars 2018","format":false,"excerpt":"Some regulations required\u00a0that the password is renewed in a timely and appropriate manner (e.g. every 90 days). In this article, 2nd of the MySQL 5.7 Security series, we will see how to\u00a0to establish a policy for password expiration\u00a0with MySQL 5.7\u00a0Password\u00a0Management.","rel":"","context":"Dans &quot;MySQL&quot;","block_context":{"text":"MySQL","link":"https:\/\/dasini.net\/blog\/category\/mysql-en\/"},"img":{"alt_text":"MySQL Security","src":"https:\/\/i0.wp.com\/dasini.net\/blog\/wp-content\/uploads\/MySQL_DB_Lock2.png?resize=350%2C200","width":350,"height":200},"classes":[]},{"id":3508,"url":"https:\/\/dasini.net\/blog\/2020\/04\/21\/mysql-security-password-expiration-policy\/","url_meta":{"origin":3535,"position":5},"title":"MySQL Security \u2013 Password Expiration Policy","author":"Olivier DASINI","date":"21 avril 2020","format":false,"excerpt":"MySQL provides password-expiration capability, which enables database administrators to require that users reset their password.","rel":"","context":"Dans &quot;MySQL&quot;","block_context":{"text":"MySQL","link":"https:\/\/dasini.net\/blog\/category\/mysql-en\/"},"img":{"alt_text":"","src":"https:\/\/i0.wp.com\/img.youtube.com\/vi\/k4K-scd4oI0\/0.jpg?resize=350%2C200","width":350,"height":200},"classes":[]}],"jetpack_likes_enabled":true,"_links":{"self":[{"href":"https:\/\/dasini.net\/blog\/wp-json\/wp\/v2\/posts\/3535","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/dasini.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/dasini.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/dasini.net\/blog\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/dasini.net\/blog\/wp-json\/wp\/v2\/comments?post=3535"}],"version-history":[{"count":29,"href":"https:\/\/dasini.net\/blog\/wp-json\/wp\/v2\/posts\/3535\/revisions"}],"predecessor-version":[{"id":3716,"href":"https:\/\/dasini.net\/blog\/wp-json\/wp\/v2\/posts\/3535\/revisions\/3716"}],"wp:attachment":[{"href":"https:\/\/dasini.net\/blog\/wp-json\/wp\/v2\/media?parent=3535"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/dasini.net\/blog\/wp-json\/wp\/v2\/categories?post=3535"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/dasini.net\/blog\/wp-json\/wp\/v2\/tags?post=3535"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}