How to Change a User Password in MySQL

Why change a MySQL password with ALTER USER?

ALTER USER validates the new password against the server’s current authentication policy, writes directly to mysql.user, and eliminates the need for a manual FLUSH PRIVILEGES. It is the recommended method from MySQL 5.7.6 onward.

What is the safest syntax?

Run ALTER USER 'user'@'host' IDENTIFIED BY 'New$tr0ngP@ss'; while connected as a privileged account such as root or an admin with the ALTER USER privilege. Always quote user and host, and wrap the password in single quotes.

Example – reset an application account

ALTER USER 'app_user'@'%' IDENTIFIED BY 'S0m3$ecureP@ss!';

How do I change the root password?

Log in with an account that still has SUPER or ALTER USER rights, then run ALTER USER 'root'@'localhost' IDENTIFIED BY 'N3wR00tP@ss!';. Restarting the server is not required.

How do I verify the change worked?

Reconnect using the new password or query the mysql.user table:
SELECT user, host, authentication_string FROM mysql.user WHERE user='app_user';

What privileges do I need?

You must have the global ALTER USER privilege or possess UPDATE on mysql.*. Regular application users typically lack these rights.

Can I still use SET PASSWORD?

Yes, but SET PASSWORD is deprecated and does not enforce password policy checks in older versions. Prefer ALTER USER unless you are on MySQL 5.6 or earlier.

Best practices for secure password changes

1. Use long, random strings—at least 12 characters.
2. Store secrets in a vault, not in source code.
3. Rotate passwords on a schedule, especially for shared service accounts.