diff --git a/ce/11_mysql_paswords.json.tt2 b/ce/11_mysql_paswords.json.tt2
new file mode 100644
index 0000000..946f4ef
--- /dev/null
+++ b/ce/11_mysql_paswords.json.tt2
@@ -0,0 +1,10 @@
+{
+    "command": {
+        mysql -Bs mysql -e 'SELECT User,Host,Password FROM user WHERE (Password = "" OR Password LIKE "!%") AND User != "root"': {
+            "comment": "There must be no users without password (root is an exception here, customer must set it later)"
+            "exit-status": 0,
+            "stdout": [],
+            "stderr": []
+        }
+    }
+}
diff --git a/ce/goss.json.tt2 b/ce/goss.json.tt2
index 23c862f..79fba1f 100644
--- a/ce/goss.json.tt2
+++ b/ce/goss.json.tt2
@@ -13,6 +13,7 @@
         "08_system_ports.json": {},
         "09_system_dns.json": {},
         "10_sites_ok.json": {},
+        "11_mysql_paswords.json": {},
         "99_dummy.json": {}
     }
 }
diff --git a/pro/11_mysql_paswords.json.tt2 b/pro/11_mysql_paswords.json.tt2
new file mode 120000
index 0000000..cc1599d
--- /dev/null
+++ b/pro/11_mysql_paswords.json.tt2
@@ -0,0 +1 @@
+../ce/11_mysql_paswords.json.tt2
\ No newline at end of file