SET PASSWORD [FOR user] = password_option

password_option: {
  | OLD_PASSWORD('auth_string')
  | 'hash_string'

The SET PASSWORD statement assigns a password to a MySQL user account, specified as either a cleartext (unencrypted) or encrypted value:

SET PASSWORD can be used with or without an explicitly named user account:

In MySQL 5.1 and later, when the read_only system variable is enabled, SET PASSWORD requires the SUPER privilege in addition to any other required privileges.

If a FOR user clause is given, the account name uses the format described in Section 6.2.3, “Specifying Account Names”. The user value should be given as 'user_name'@'host_name', where 'user_name' and 'host_name' are exactly as listed in the User and Host columns of the account's mysql.user table row. If you specify only a user name, a host name of '%' is used. For example, to set the password for an account with User and Host column values of 'bob' and '%.example.org', write the statement like this:

SET PASSWORD FOR 'bob'@'%.example.org' = PASSWORD('auth_string');

The password can be specified in these ways:

For more information about setting passwords, see Section 6.3.5, “Assigning Account Passwords”.


SET PASSWORD may be recorded in server logs or on the client side in a history file such as ~/.mysql_history, which means that cleartext passwords may be read by anyone having read access to that information. For information about password logging in the server logs, see Section, “Passwords and Logging”. For similar information about client-side logging, see Section, “mysql Logging”.


If you are connecting to a MySQL 4.1 or later server using a pre-4.1 client program, do not change your password without first reading Section, “Password Hashing in MySQL”. The default password hashing format changed in MySQL 4.1, and if you change your password, it might be stored using a hashing format that pre-4.1 clients cannot generate, thus preventing you from connecting to the server afterward.

If you are using MySQL Replication, be aware that, currently, a password used by a replication slave as part of a CHANGE MASTER TO statement is effectively limited to 32 characters in length; if the password is longer, any excess characters are truncated. This is not due to any limit imposed by the MySQL Server generally, but rather is an issue specific to MySQL Replication. (For more information, see Bug #43439.)