Description:
Add the ablity to control how many days a user can login before requiring a password change.

How to repeat:
n/a

Suggested fix:
Add a place to control the number of days a user may log in without having a password change (in mysql.user, I would assume).  The value is in days, 0 is no forced expiration.

Add ability to track login statistics by user.  Would only need to keep days since last password change initially but can probably add a ton of good stats here too like total logins, last login date, etc.  On login, check the number of days vs password expiration days for that user. 

Add a new server variable, pw_expiration_warning_days, default to 7.  If the difference between the two is <= pw_expiration_warning_days, display a warning at logon.

Once the account expires, they have to contact the admin to change their password.

Thank you for a useful feature request. As MySQL server uses and manages its own user accounts, some way to force password-related security policy (similar to OS level one) is really needed.

This was especially important when relating to Sarbanes-Oxley restrictions in the US.  I recall one of the requirements was to force password changes on a repeating cycle.

Also, it would be very nice if, when implemented, this could enforce password strength (such as minimum 8 characters in length, and containing both numbers and letters).

See also bugs 6100, 21040, 49549

Bug #21040 was marked as a duplicate of this one.

Any updates on this at all?

Hello,

Is this feature implemented ?

Thanks
Arathi

Any updates on password policy

Probably the password expiration in MySQL 5.6 is what you want:

http://dev.mysql.com/doc/refman/5.6/en/alter-user.html

This is now closed. 5.6 added the requested feature for password expiration.