A password is set up for every MySQL account. If no password is provided for the account, the password is blank, which means that no password is required. MySQL doesn’t have any limit for the length of a password, but sometimes other software on your system limits the length to eight characters. If so, any characters after eight are dropped.
For extra security, MySQL encrypts passwords before it stores them. That means passwords aren’t stored in the recognizable characters that you enter. This security measure ensures that no one can simply look at the stored passwords and understand what they are.
Unfortunately, some bad people out there might try to access your data by guessing your password. They use software that tries to connect rapidly in succession with different passwords — a practice called a brute force attack.
In any event, your MySQL server shouldn’t be exposed directly to the Internet, so an attacker would need to get access to the MySQL server first in order to try a brute force attack.