How to Change Password in MariaDB

Galaxy Glossary

How do I change a user's password in MariaDB?

ALTER USER or SET PASSWORD lets you securely update a MariaDB account’s credentials without recreating the user.

Sign up for the latest in SQL knowledge from the Galaxy Team!

Description

When should I change a MariaDB password?

Change passwords after staff turnover, on schedule (e.g., every 90 days), or immediately after a suspected breach to block unauthorized access.

Which statements can update a password?

Use ALTER USER for modern MariaDB versions (10.4+) and SET PASSWORD for legacy compatibility. Both modify the mysql.user table instantly.

How does ALTER USER work?

ALTER USER updates the account row and re-authenticates future sessions. Include IDENTIFIED BY for plain text or IDENTIFIED VIA for plugins.

How does SET PASSWORD differ?

SET PASSWORD only changes the password hash. It cannot switch authentication plugins, so prefer ALTER USER when possible.

What permissions are required?

GRANT OPTION or global ALTER USER privilege is needed. The root or DBA role normally performs the change.

How to change the root user password?

Login as root on the server host, then run ALTER USER 'root'@'localhost' IDENTIFIED BY 'NewR00tPass!';. Always choose a long, unique passphrase.

How to force analysts to rotate passwords?

Create a scheduled job that expires passwords by setting PASSWORD EXPIRE and notify users through your CI/CD pipeline or a chat-ops bot.

Best practices for secure password changes?

Use TLS when connecting, generate random 14+ character passwords, store them in a secrets manager, and audit the mysql.user table for forgotten accounts.

Can I change a password remotely?

Yes, if the account has remote access and you connect over TLS. Otherwise, use an SSH tunnel or VPN.

Why How to Change Password in MariaDB is important

How to Change Password in MariaDB Example Usage


-- Analyst who builds revenue reports on Orders and OrderItems
ALTER USER 'report_user'@'192.168.%' IDENTIFIED BY 'R3vRpt$2024';

How to Change Password in MariaDB Syntax


-- ALTER USER (recommended for MariaDB ≥10.4)
ALTER USER 'username'@'host' 
  IDENTIFIED [WITH plugin] BY 'new_password'
  [REQUIRE {NONE | SSL | X509 | ISSUER 'CA' | SUBJECT 'subject'}]
  [PASSWORD EXPIRE {DEFAULT | NEVER | INTERVAL N DAY}];

-- SET PASSWORD (legacy)
SET PASSWORD FOR 'username'@'host' = PASSWORD('new_password');

-- Example in ecommerce context
-- Rotate analyst account that queries Customers and Orders
ALTER USER 'order_analyst'@'%' IDENTIFIED BY 'OAg2#kP9sS!';

Common Mistakes

Using SET PASSWORD on MariaDB 10.4+ when the account uses ed25519 authentication. Fix: switch to ALTER USER IDENTIFIED VIA ed25519 USING 'hash'.
Forgetting FLUSH PRIVILEGES on very old versions (<10.0), leaving the old password active. Fix: run FLUSH PRIVILEGES or upgrade to a newer release where it is automatic.

Frequently Asked Questions (FAQs)

Does changing a password kill active sessions?

No. Existing sessions remain connected. Users must reconnect to authenticate with the new password.

Can I script password changes?

Yes. Use mysql client with --execute inside CI jobs or configuration-management tools like Ansible, Chef, or Terraform.

How do I verify the new password hash?

Run SELECT User, Host, authentication_string FROM mysql.user WHERE User='report_user'; and confirm the hash has updated.

Want to learn about other SQL terms?

dbt tests

dbt tests are declarative assertions in dbt that automatically validate data quality during model builds.

dbt utils

dbt utils is a community-maintained dbt package that adds time-saving utility macros for analytics engineers, such as generating surrogate keys, safely unioning models, and automating date spines.

dbt Tutorial Glossary: Build, Test & Deploy SQL Models

dbt is an open-source framework that lets data teams transform raw warehouse tables into tested, documented, production-ready datasets using version-controlled SQL.

Trusted by top engineers on high-velocity teams

Assort Health

Curri

Rubie