SET PASSWORD is a MariaDB command that allows you to update an existing user’s password. Knowing how to change MariaDB user passwords is essential for maintaining database security and should be done in various situations.

When should you change a MariaDB user’s password?

Updating a user password in MariaDB is a key part of any database security strategy. You should change a password whenever there’s a specific reason or when security policies require it. For example, as soon as a user leaves the company or moves to another role, you should promptly update or deactivate all related credentials. If you detect suspicious activity, such as unusual login attempts or access to sensitive data, change the password immediately.

Passwords should also be updated if they have accidentally been made public. This might occur due to configuration error, an incorrectly sent script or an entry in a version control system. In such cases, a quick password change can prevent unauthorised access. Many security standards also recommend changing passwords regularly (e.g. every 90 days) especially in high-security environments.

In short, change passwords whenever a potential risk exists – don’t wait for an incident to happen.

Compute Engine
The ideal IaaS for your workload
  • Cost-effective vCPUs and powerful dedicated cores
  • Flexibility with no minimum contract
  • 24/7 expert support included

How to use SET PASSWORD to change user passwords

The SET PASSWORD command allows you to change user passwords quickly and securely. Without a FOR clause, the command changes the password for the currently logged-in user. Adding FOR ‘user’@’host’ allows you to target a specific account. In this case, you need UPDATE privileges on the mysql database, which stores MariaDB’s user information.

The general syntax is:

SET PASSWORD FOR 'user'@'host' = PASSWORD('newpassword');
sql

In current versions of MariaDB (10.4 and later), you can use ALTER USER to set the password directly in plaintext:

ALTER USER 'user'@'host' IDENTIFIED BY 'newpassword';
sql

This newer method is preferred because the older function generates an internal hash and only works with certain password-based authentication plugins such as mysql_native_password, ed25519, or mysql_old_password. Other plugins like unix_socket, pam, gssapi, or named_pipe don’t store a password in the database. In these cases, SET PASSWORD will cause an error.

How to change a user’s password

You can update a user’s password directly via the MariaDB client by connecting over SSH.

First, open an SSH session and log in to the server. To start the MariaDB client with administrative privileges, enter the following command:

sudo mysql
bash

After entering your SSH user password, you’ll gain access to the MariaDB interface. There, you’ll see a prompt similar to the following:

MariaDB [(none)]>
sql

To manage user passwords, select the database that contains the user information. By default, this is the mysql database. Switch to it with:

use mysql;
sql

Now, change the password for the desired user by entering:

SET PASSWORD FOR 'newuser'@'host' = PASSWORD('newsecurepassword');
sql

Replace newuser with the actual username and newsecurepassword with the new password.

Once the change is successful, MariaDB will display a confirmation message.

When you’re finished, exit the MariaDB client with:

exit
sql

This will return you to the regular server console.

For accounts that log in with a password, SET PASSWORD is still a valuable tool. It allows you to quickly respond to security incidents, enforce new passwords and maintain secure access after role changes.

Managed Databases
Time-saving database services
  • Enterprise-grade architecture managed by experts
  • Flexible solutions tailored to your requirements
  • Hosted in the UK under strict data protection legislation
Was this article helpful?
Go to Main Menu