From: Shawn Green
Date: September 24 2012 8:40pm
Subject: Re: secure user name for MySQL account?
List-Archive: http://lists.mysql.com/mysql/228260
Message-Id: <5060C52B.1000805@oracle.com>
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1; format=flowed
Content-Transfer-Encoding: 7bit

Hello Arthur,

On 9/24/2012 4:25 PM, Arthur Fuller wrote:
> On this note, one thing that really bugs me about MySQL passwords is the
> inability to use special characters. In the SQL Server world, I let users
> choose their own passwords, but obeying these rules:
>
> It cannot be a dictionary word or sequence of words.
> It must contain at least one numeric digit.
> It must contain a mix of upper and lower case.
> It must contain at least one special character.
>
> That combination makes a password very difficult to crack. I don't know why
> MySQL falls so short in this respect.
>

MySQL continues to improve in this respect. While it's true that our 
last big security change was the enhanced password hash function 
introduced in 4.1 we have not been completely insensitive to the needs 
of our customers.  For example, check out the list of account and 
security improvements arriving in MySQL 5.6
http://dev.mysql.com/doc/refman/5.6/en/mysql-nutshell.html

In particular, the password complexity threshold can be configured using 
the new Password Validation plugin:
http://dev.mysql.com/doc/refman/5.6/en/validate-password-plugin.html

Yours,
-- 
Shawn Green
MySQL Principal Technical Support Engineer
Oracle USA, Inc. - Hardware and Software, Engineered to Work Together.
Office: Blountville, TN