diff --git a/molecule/mysql_hardening/converge.yml b/molecule/mysql_hardening/converge.yml
index 60e5df29..bd589ef2 100644
--- a/molecule/mysql_hardening/converge.yml
+++ b/molecule/mysql_hardening/converge.yml
@@ -22,9 +22,6 @@
 - mysql_python_package_debian is not defined
 - ansible_distribution != "Ubuntu"
 - ansible_distribution_major_version|int < 20
- - include_role:
- name: dev-sec.mysql
-
 - include_role:
 name: mysql_hardening
 vars:
diff --git a/molecule/mysql_hardening/prepare.yml b/molecule/mysql_hardening/prepare.yml
index e859a2b3..f9f79355 100644
--- a/molecule/mysql_hardening/prepare.yml
+++ b/molecule/mysql_hardening/prepare.yml
@@ -25,3 +25,33 @@
 file:
 path: "/etc/mysql/conf.d"
 state: directory
+
+ - name: Determine required MySQL Python libraries (Ubuntu Focal Fossa ++)
+ set_fact:
+ mysql_python_package_debian: "python3-pymysql"
+ when:
+ - mysql_python_package_debian is not defined
+ - ansible_distribution == "Ubuntu"
+ - ansible_distribution_major_version|int > 19
+
+ - name: Determine required MySQL Python libraries.
+ set_fact:
+ mysql_python_package_debian: "{% if 'python3' in ansible_python_interpreter|default('') %}python3-mysqldb{% else %}python-mysqldb{% endif %}"
+ when:
+ - mysql_python_package_debian is not defined
+ - ansible_distribution != "Ubuntu"
+ - ansible_distribution_major_version|int < 20
+ - include_role:
+ name: dev-sec.mysql
+
+ - name: create a user with an empty password
+ community.mysql.mysql_query:
+ query:
+ - "CREATE USER foo@bar;"
+ login_unix_socket: "{{ login_unix_socket | default(omit) }}"
+ vars:
+ overwrite_global_mycnf: false
+ mysql_root_password: iloverandompasswordsbutthiswilldo
+ mysql_user_password: iloverandompasswordsbutthiswilldo
+ mysql_config_file: /etc/mysql/mariadb.cnf
+ mysql_root_password_update: true
diff --git a/molecule/mysql_hardening/verify_additional_tests.yml b/molecule/mysql_hardening/verify_additional_tests.yml
deleted file mode 100644
index 9e290ef5..00000000
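Review bot: The new `create a user with an empty password` task in prepare.yml plants a passwordless account (`CREATE USER foo@bar;`) as a fixture, but nothing visible in this commit asserts that the mysql_hardening run removes it; the only passwordless-user checks shown are in verify_additional_tests.yml, which this same commit deletes. If the replacement assertion lives in a file outside this diff, a comment on the task would tie the two together, e.g. `# fixture: mysql_hardening must remove this passwordless account; asserted in <verify file>`. Otherwise the scenario can pass while the account survives, so the verify step should query `mysql.user` for `foo` after converge and fail if the row is still present. The statement is also not idempotent: a second prepare run would fail on the existing user unless it is written as `CREATE USER IF NOT EXISTS foo@bar;` (assuming the server versions under test support that form).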
--- a/molecule/mysql_hardening/verify_additional_tests.yml
+++ /dev/null
@@ -1,36 +0,0 @@
----
-- name: check which mysql version is used
- community.mysql.mysql_info:
- filter: version
- login_unix_socket: "{{ login_unix_socket | default(omit) }}"
- register: mysql_version
-
-- name: get all users that have no password or authentication_string on MySQL version >= 5.7.6
- community.mysql.mysql_query:
- query:
- - select user,host,password from mysql.user where (length(password)=0 or password="") and (length(authentication_string)=0 or authentication_string="") and user NOT IN ('mysql.sys', 'mysqlxsys', 'mariadb.sys');
- login_unix_socket: "{{ login_unix_socket | default(omit) }}"
- register: mysql_users_wo_passwords_or_auth_string
- when:
- - mysql_version.version.full is version('5.7.6', '>=')
-
-- name: assert that there are no users that have no password or authentication_string on MySQL version >= 5.7.6
- assert:
- that:
- - users_wo_password_or_auth_string == ""
-
-- name: get all users that have no password on MySQL version < 5.7.6
- community.mysql.mysql_query:
- query:
- - select user,host,password from mysql.user where (length(password)=0 or password="") and user NOT IN ('mysql.sys', 'mysqlxsys', 'mariadb.sys');
- login_unix_socket: "{{ login_unix_socket | default(omit) }}"
- register: mysql_users_wo_passwords
- when:
- - mysql_version.version.full is version('5.7.6', '<')
-
-- name: assert that there are no users that have no password on MySQL version < 5.7.6
- assert:
- that:
- - users_wo_password == ""
- when:
- - mysql_version.version.full is version('5.7.6', '<')