MySQL passwords have evolved with versions 5.6 and 5.7, and we now have ways to ensure strength and expiration. There are some ‘tinker toys’ missing that keep it from being a complete system.
We do have a way of expiring passwords and forcing a user to change their password. But there is no way for the database to warn users that their password is about to expire or has expired. There is no way to check whether a user changed their password and then changed it back to their ol’ favorite. There is no way to see when the password was changed last or any time before. There is no way to force these changes every X period or make sure some accounts do not change (root, accounts used for applications). None of this is extremely complex to create and over a few blog posts, you will get a chance to help design …