SET PASSWORD is a MariaDB command that allows you to update an existing user’s password. Knowing how to change MariaDB user passwords is essential for main­tain­ing database security and should be done in various sit­u­a­tions.

When should you change a MariaDB user’s password?

Updating a user password in MariaDB is a key part of any database security strategy. You should change a password whenever there’s a specific reason or when security policies require it. For example, as soon as a user leaves the company or moves to another role, you should promptly update or de­ac­ti­vate all related cre­den­tials. If you detect sus­pi­cious activity, such as unusual login attempts or access to sensitive data, change the password im­me­di­ate­ly.

Passwords should also be updated if they have ac­ci­den­tal­ly been made public. This might occur due to con­fig­u­ra­tion error, an in­cor­rect­ly sent script or an entry in a version control system. In such cases, a quick password change can prevent unau­tho­rized access. Many security standards also recommend changing passwords regularly (e.g. every 90 days) es­pe­cial­ly in high-security en­vi­ron­ments.

In short, change passwords whenever a potential risk exists — don’t wait for an incident to happen.

Compute Engine
The ideal IaaS for your workload
  • Cost-effective vCPUs and powerful dedicated cores
  • Flex­i­bil­i­ty with no minimum contract
  • 24/7 expert support included

How to use SET PASSWORD to change user passwords

The SET PASSWORD command allows you to change user passwords quickly and securely. Without a FOR clause, the command changes the password for the currently logged-in user. Adding FOR ‘user’@’host’ allows you to target a specific account. In this case, you need UPDATE priv­i­leges on the mysql database, which stores MariaDB’s user in­for­ma­tion.

The general syntax is:

SET PASSWORD FOR 'user'@'host' = PASSWORD('newpassword');
sql

In current versions of MariaDB (10.4 and later), you can use ALTER USER to set the password directly in plaintext:

ALTER USER 'user'@'host' IDENTIFIED BY 'newpassword';
sql

This newer method is preferred because the older function generates an internal hash and only works with certain password-based au­then­ti­ca­tion plugins such as mysql_native_password, ed25519, or mysql_old_password. Other plugins like unix_socket, pam, gssapi, or named_pipe don’t store a password in the database. In these cases, SET PASSWORD will cause an error.

How to change a user’s password

You can update a user’s password directly via the MariaDB client by con­nect­ing over SSH.

First, open an SSH session and log in to the server. To start the MariaDB client with ad­min­is­tra­tive priv­i­leges, enter the following command:

sudo mysql
bash

After entering your SSH accounr password, you’ll gain access to the MariaDB interface. There, you’ll see a prompt similar to:

MariaDB [(none)]>
sql

To manage user passwords, select the database that contains the user in­for­ma­tion. By default, this is the mysql database. Switch to it with:

use mysql;
sql

Now, change the password for the desired user by entering:

SET PASSWORD FOR 'newuser'@'host' = PASSWORD('newsecurepassword');
sql

Replace newuser with the actual username and newsecurepassword with the new password.

Once the change is suc­cess­ful, MariaDB will display a con­fir­ma­tion message.

When you’re finished, exit the MariaDB client with:

exit
sql

This will return you to the regular server console.

For accounts that log in with a password, SET PASSWORD is still a valuable tool. It allows you to quickly respond to security incidents, enforce new passwords and maintain secure access after role changes.

Managed Database Services
Time-saving database services
  • En­ter­prise-grade ar­chi­tec­ture managed by experts
  • Flexible solutions tailored to your re­quire­ments
  • Leading security in ISO-certified data centers
Go to Main Menu