If you have installed MySQL on your Linux system and need to have one or more users with an empty password, it is possible to either create new users with empty passwords or reset an existing user’s password to being empty.
This obviously goes against all conventional security practices, but it may be more convenient in testing scenarios or other unique situations. Whatever your use case may be, we will assume you know what you are doing and have taken into consideration the obvious security risk of having a MySQL user with an empty password.
It is even possible to configure the root account to have an empty password. In this tutorial, we will take you through the step by step instructions to allow an empty password in MySQL.
In this tutorial you will learn:
- How to create a new MySQL user with empty password
- How to disable validate password component
- How to set a MySQL user’s password to being empty
- How to set an empty password on MySQL root account
|Category||Requirements, Conventions or Software Version Used|
|Other||Privileged access to your Linux system as root or via the
# – requires given linux commands to be executed with root privileges either directly as a root user or by use of
$ – requires given linux commands to be executed as a regular non-privileged user
MySQL: Allow empty password step by step instructions
- Start by opening up MySQL with the root account.
$ sudo mysql
Or, on some configurations you may be required to enter the following command and provide your root password:
$ mysql -u root -p
If you do not know the root password, you will need to set one (at least temporarily – we can always make it empty later) by executing:
$ sudo mysql_secure_installation
- If you have the validate password component turned on, you will need to execute the command below and turn it off. As long as it is turned on, empty passwords (or any other password perceived as weak) will not be allowed in MySQL.
$ sudo mysql_secure_installation
- If you want to create a new user with a blank password, simply use the usual
CREATE USERcommand and use an empty password. The following command would create a new user named
linuxconfigand set an empty password.
mysql> CREATE USER 'linuxconfig'@'localhost' IDENTIFIED BY ''; mysql> flush privileges;
- If you already have an existing user and need to set their password to being empty, you can use the following
ALTER USERsyntax. This will set existing user
linuxconfig‘s password to empty.
mysql> ALTER USER 'linuxconfig'@'localhost' IDENTIFIED BY ''; mysql> flush privileges;
- If you need to set an empty password for the root user, that can be done with this command:
mysql> SET PASSWORD FOR 'root'@'localhost' = ''; mysql> flush privileges;
That’s all there is to it. Your user and/or root user should now be able to login to your MySQL server using an empty password. You can verify that this works as expected by logging into MySQL with the user account and not specifying a password:
$ mysql -u linuxconfig
In this tutorial, we saw how to allow a user to log in to MySQL with an empty password on a Linux system. MySQL makes this a little tricky to configure, mainly because of the huge security problem that this configuration imposes. Nevertheless, it is still possible to set an empty password on new users, existing users, and the root account as long as the validate password component has been turned off.