How to Change MySQL User Password

Rotating a database password is one of those small tasks you do often: after onboarding a developer, before handing over a server, or right after you suspect credentials have leaked. On MySQL and MariaDB, this is a single SQL statement, but the correct syntax changed between major versions and the older guides on the web still show commands that no longer work.

This guide shows you how to change a MySQL or MariaDB user password from the mysql shell, with the modern syntax that works on MySQL 5.7.6+, MySQL 8.0+, and MariaDB 10.2+.

Check your database version #

The password-change command depends on which server you are running. Print the version with:

mysql --version

Typical MySQL output:

mysql  Ver 8.0.39 for Linux on x86_64 (MySQL Community Server - GPL)

Typical MariaDB output:

mysql  Ver 15.1 Distrib 10.11.8-MariaDB, for debian-linux-gnu (x86_64) using readline 5.2

For a list of existing accounts before you change anything, see how to show MySQL users .

How to Change MySQL User Password #

Follow the steps below to change the password of a MySQL or MariaDB user account.

1. Log in to the MySQL shell as root #

Open the MySQL shell as the root user and enter your password when prompted:

mysql -u root -p

If you have not set a password for the MySQL root account, or your installation uses the auth_socket plugin (the default on recent Ubuntu packages), log in with:

sudo mysql

2. Change the user password #

On MySQL 5.7.6 and later, MySQL 8.0, and MariaDB 10.2 and later, use ALTER USER:

ALTER USER 'user-name'@'localhost' IDENTIFIED BY 'NEW_USER_PASSWORD';

Replace user-name with the account you want to update and NEW_USER_PASSWORD with the new password. If the user connects from a remote host, replace localhost with the matching host or IP address defined on the account.

An equivalent alternative is SET PASSWORD:

SET PASSWORD FOR 'user-name'@'localhost' = 'NEW_USER_PASSWORD';

Note that in MySQL 8.0 the legacy PASSWORD('...') wrapper was removed, so the new password must be passed as a plain string. Using PASSWORD() on MySQL 8.0 raises a syntax error.

If the change succeeds, the server returns:

Query OK, 0 rows affected (0.00 sec)

You do not need to run FLUSH PRIVILEGES after ALTER USER or SET PASSWORD. That command is only required when you modify the grant tables directly with UPDATE or INSERT statements.

Log out of the MySQL shell:

quit;

3. Verify the new password #

Connect with the user account you just updated:

mysql -u user-name -h localhost -p

Enter the new password at the prompt. If the credentials are correct, the MySQL shell opens; otherwise you get ERROR 1045 (Access denied) and need to repeat step 2.

Change the MySQL root password #

The same ALTER USER statement works for the root account. Log in with sudo mysql (or mysql -u root -p if the account already has a password), then run:

ALTER USER 'root'@'localhost' IDENTIFIED BY 'NEW_ROOT_PASSWORD';

If you also want to switch the root account back to password authentication on Ubuntu, replace the plugin at the same time:

ALTER USER 'root'@'localhost' IDENTIFIED WITH mysql_native_password BY 'NEW_ROOT_PASSWORD';

Troubleshooting #

ERROR 1064 (42000): You have an error in your SQL syntax
You are most likely running MySQL 8.0 and passing the old PASSWORD('...') wrapper. Remove the wrapper and pass the password as a plain quoted string: ALTER USER 'user'@'localhost' IDENTIFIED BY 'secret';.

ERROR 1045 (28000): Access denied for user
Either the password you typed is wrong, or the account uses a different host. List the accounts with SELECT user, host FROM mysql.user; and confirm that you are updating the exact 'user'@'host' pair the client is trying to authenticate with.

ERROR 1396 (HY000): Operation ALTER USER failed for ‘user’@’localhost’
The account does not exist with that exact host. Double-check the host part (for example 'user'@'%' is a different account from 'user'@'localhost'). Create the account with CREATE USER or update it using the correct host.

Password change has no effect for remote clients
The user connects from a different host than the one you updated. MySQL treats 'user'@'localhost' and 'user'@'10.0.0.5' as separate accounts, each with its own password. Update each host entry you care about.

FAQ #

How do I change the MySQL root password?
Log in with sudo mysql or mysql -u root -p, then run ALTER USER 'root'@'localhost' IDENTIFIED BY 'new_password';. On recent Ubuntu installations the root account uses the auth_socket plugin by default; if you want to keep password authentication, include IDENTIFIED WITH mysql_native_password BY 'new_password'.

Do I need to run FLUSH PRIVILEGES after ALTER USER?
No. FLUSH PRIVILEGES is only required after you modify the grant tables directly with UPDATE or INSERT. ALTER USER, SET PASSWORD, CREATE USER, DROP USER, and GRANT reload the in-memory privileges automatically.

How do I reset a forgotten MySQL root password?
Stop the MySQL service, start it with --skip-grant-tables --skip-networking, connect with mysql -u root (no password), run FLUSH PRIVILEGES; and then ALTER USER 'root'@'localhost' IDENTIFIED BY 'new_password';, stop the server, and start it normally again.

Why does SET PASSWORD with PASSWORD('...') fail?
The PASSWORD() function was deprecated in MySQL 5.7 and removed in MySQL 8.0. Use the plain string form: SET PASSWORD FOR 'user'@'host' = 'new_password';.

Conclusion #

ALTER USER is the one command to remember for changing passwords on modern MySQL and MariaDB servers, and you do not need FLUSH PRIVILEGES with it. For the full set of account and privilege commands, see the guide on how to manage MySQL user accounts and databases .

About the authors

Dejan Panovski

Dejan Panovski is the founder of Linuxize, an RHCSA-certified Linux system administrator and DevOps engineer based in Skopje, Macedonia. Author of 800+ Linux tutorials with 20+ years of experience turning complex Linux tasks into clear, reliable guides.

View author page