🔑 MySQL Change User Password – Securely Update Account Credentials

---

🧲 Introduction – Why Change User Passwords?

Changing user passwords in MySQL is essential for maintaining database security, password rotation policies, and responding to account compromises. Whether you’re resetting a forgotten password or enforcing stricter access controls, MySQL provides secure and flexible ways to update user credentials.

🎯 In this guide, you’ll learn:

• How to change a MySQL user’s password securely
• Methods using ALTER USER, SET PASSWORD, and admin overrides
• Best practices for password policies
• Version compatibility notes for MySQL 5.x and 8+

---

🛠️ 1. ALTER USER – Recommended Method (MySQL 5.7.6+ / 8.0+)

🔹 Syntax

ALTER USER 'username'@'host' IDENTIFIED BY 'NewPassword';

🔹 Example

ALTER USER 'app_user'@'localhost' IDENTIFIED BY 'StrongerP@ss123!';

Explanation:
This updates the password for app_user to the new string securely.

✅ Preferred method in MySQL 5.7.6 and above
✅ Supports password expiration, validation, and history

---

🔐 2. SET PASSWORD – Alternative Method

🔹 Syntax (For Current Logged-In User)

SET PASSWORD = 'NewPassword';

🔹 Syntax (For Another User)

SET PASSWORD FOR 'username'@'host' = 'NewPassword';

🔹 Example

SET PASSWORD FOR 'report_user'@'%' = 'ReporT@123!';

Note:
MySQL 8.0 uses ALTER USER as the preferred method. SET PASSWORD is still supported but lacks some policy controls.

---

👁️ 3. Check Current User

SELECT CURRENT_USER();

✅ Useful before running SET PASSWORD if you’re unsure who you’re logged in as.

---

🧯 4. Reset Password as Root (Admin Recovery)

🔹 Steps:

1. Log in as root or another admin-level account
2. Run:

ALTER USER 'username'@'host' IDENTIFIED BY 'NewSecureP@ss!';

✅ Ideal for forgotten passwords or force resets by DBAs

---

🔑 5. Password Expiration & Policy (MySQL 8+)

🔹 Force Password Expiry

ALTER USER 'username'@'host' PASSWORD EXPIRE;

Effect:
Prompts user to change password upon next login.

---

🔹 Set Password Lifetime (In Days)

ALTER USER 'username'@'host' PASSWORD EXPIRE INTERVAL 60 DAY;

✅ Enforces password rotation policies.

---

📘 Password Change Summary Table

Method	Use Case	Version
ALTER USER	General password update	MySQL 5.7.6+ / 8
SET PASSWORD	Legacy or same-user change	All versions
PASSWORD EXPIRE	Force user to reset password	MySQL 8+
RENAME USER	Use to rename (not change password)	All versions

---

📋 Best Practices

✅ Tip	💡 Why It Matters
Always use ALTER USER in modern MySQL	More secure and future-proof
Use strong, complex passwords	Protects against brute-force and credential reuse
Set password expiration for sensitive accounts	Enforces regular credential rotation
Restrict password changes to root or DBA	Ensures secure account management
Rotate passwords regularly in production	Reduces risk of long-term exposure

---

🚀 Real-World Use Cases

Scenario	Command Used
Reset app password on deploy	ALTER USER 'api_user'@'localhost' IDENTIFIED BY 'N3wApp!Pass'
Expire password for contractors	ALTER USER 'vendor'@'%' PASSWORD EXPIRE;
Password rotation for auditors	ALTER USER 'audit'@'%' PASSWORD EXPIRE INTERVAL 90 DAY;
Reset admin account after breach	ALTER USER 'admin'@'localhost' IDENTIFIED BY 'SecReT123!';

---

📌 Summary – Recap & Next Steps

Changing MySQL user passwords is a fundamental security task. MySQL provides modern, secure methods (ALTER USER) to update passwords while supporting legacy commands for backward compatibility.

🔍 Key Takeaways

• Use ALTER USER for secure password changes (MySQL 5.7.6+)
• Use SET PASSWORD for legacy or in-session updates
• Apply password expiration policies for sensitive users
• Only privileged users should change others’ passwords
• Strong passwords and regular rotation reduce risks

⚙️ Real-World Relevance

Password management is critical for DevOps, database administration, multi-tenant apps, and security compliance (SOC2, HIPAA, PCI-DSS).

---

❓ FAQ – Changing MySQL Passwords

---

❓ What is the recommended way to change a password?

✅ Use:

ALTER USER 'username'@'host' IDENTIFIED BY 'NewP@ssword!';

---

❓ How do I change my own password?

SET PASSWORD = 'NewMyP@ss!';

(Only works if you’re logged in as that user.)

---

❓ Can I force users to change their passwords?

✅ Yes:

ALTER USER 'user'@'host' PASSWORD EXPIRE;

---

❓ Is it safe to store passwords in SQL queries?

❌ No. Use secure, encrypted connection tools or management scripts.

---

❓ Can I see a user’s password in plain text?

❌ No. MySQL stores hashed passwords—you cannot retrieve them.

---

Share Now :