MySQL password expiration features to help you comply with PCI-DSS
▻https://www.percona.com/blog/2016/02/04/mysql-password-expiration-features-help-comply-pci-dss
PCI Compliance (section 8.2.4) requires users to change password every 90 days. Until MySQL 5.6.6 there wasn’t a built-in way to comply with this requirement. Since MySQL version 5.6.6 there’s a password_expired feature which allows to set a user’s password as expired. This has been added to the mysql.user table and its default value it’s “N.” You can change it to “Y” using the ALTER USER statement. Here’s an quick example on how to set expiration date for a MySQL user account:mysql> ALTER USER ’testuser’@’localhost’ PASSWORD EXPIRE;Once this is set to “Y” the username will still be able to login to the MySQL server, but it will not be able to run any queries before setting the new password. You will instead get an ERROR 1820 message:mysql> SHOW DATABASES; ERROR 1820 (HY000): You must SET (...)