MySQL Blog Archive
An update on default_password_lifetime

With MySQL 5.7, our goal is to be secure by default. This means that without having to change configuration settings or perform any additional steps, your fresh installation should be safe for production use.

As part of this security initiative, MySQL 5.7 shipped with a new feature where user accounts will be disabled if the password has not been changed in a number of days. This is configurable on either a per-user or global basis. The default global expiry was set to 360 days (configurable via default_password_lifetime).

Changes in 5.7.11

We received feedback that the default expiry policy is surprising for users upgrading from a previous release of MySQL. We agree, and in response the default has been changed to zero, as of MySQL 5.7.11.

This means that password expiry will not be in force by default. We do, however, encourage users to change this setting to align with their organization’s password policies.
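The statements below are an added example, not part of the original post, showing how the expiry policy described above is inspected and configured on a MySQL 5.7.11 or later server: the global default, per-account overrides that take precedence over it, and an audit query over the mysql.user columns that record each account's policy. The account names ('app', 'svc', 'legacy') and the 90/180-day values are constructed for illustration.

```sql
-- Added example (not from the original post). Requires a 5.7.11+ server and an
-- account with the SUPER privilege for SET GLOBAL and CREATE USER / ALTER USER.

-- 1. Inspect the current global default. On 5.7.11+ this is 0, i.e. expiry disabled;
--    on 5.7.4 .. 5.7.10 it was 360 days.
SHOW VARIABLES LIKE 'default_password_lifetime';

-- 2. Enable a global policy: passwords older than 90 days expire.
--    SET GLOBAL takes effect immediately but is not persistent; put
--      default_password_lifetime = 90
--    under [mysqld] in my.cnf so the setting survives a restart.
SET GLOBAL default_password_lifetime = 90;

-- 3. Per-account settings override the global default.
--    (Account names and passwords here are constructed placeholders.)
CREATE USER 'app'@'localhost' IDENTIFIED BY 'replace-me'
    PASSWORD EXPIRE INTERVAL 180 DAY;      -- explicit 180-day lifetime
CREATE USER 'svc'@'localhost' IDENTIFIED BY 'replace-me'
    PASSWORD EXPIRE NEVER;                 -- exempt, e.g. a service account
ALTER USER  'legacy'@'%'
    PASSWORD EXPIRE DEFAULT;               -- follow the global default again

-- 4. Force an immediate password change on an account you no longer trust.
ALTER USER 'legacy'@'%' PASSWORD EXPIRE;

-- 5. Audit which accounts are on which policy and when each password was last set.
--    password_lifetime is NULL for accounts that follow the global default;
--    password_expired = 'Y' means the account must change its password before
--    it can run anything other than SET PASSWORD / ALTER USER.
SELECT user, host, password_last_changed, password_lifetime, password_expired
FROM mysql.user
ORDER BY password_last_changed;
```

Because the global value is evaluated against password_last_changed, enabling a non-zero lifetime on an upgraded server can expire long-standing accounts at once; run the audit query in step 5 before step 2 so that no application account is locked out unexpectedly.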

The Future

We do continue to see value in setting default_password_lifetime to a value greater than zero, as this offers improved protection against legacy user accounts being used to compromise a server.

That is to say that we may look at changing the new 5.7.11 default of zero to a non-zero value in a future major release. We encourage feedback as to how we could make this transition less surprising. I have created feature requests (Bug #79939, Bug #79959) for a startup warning and a SYS view. There is still room for additional suggestions.

Conclusion

We would like to thank Tsubasa Tanaka for filing bug 77277 – “default_password_lifetime should be set 0 as implicit default value”, as well as the number of community members who reached out to us and clicked ‘affects me’ on Tsubasa’s bug report.

Thank you for helping to improve MySQL!