MySQL 5.7 Reference Manual Including MySQL NDB Cluster 7.5 and NDB Cluster 7.6 SET PASSWORD Statement

SET PASSWORD [FOR user] = password_option

password_option: {
  | PASSWORD('auth_string')

The SET PASSWORD statement assigns a password to a MySQL user account. 'auth_string' represents a cleartext (unencrypted) password.


Under some circumstances, SET PASSWORD may be recorded in server logs or on the client side in a history file such as ~/.mysql_history, which means that cleartext passwords may be read by anyone having read access to that information. For information about the conditions under which this occurs for the server logs and how to control it, see Section, “Passwords and Logging”. For similar information about client-side logging, see Section, “mysql Client Logging”.

SET PASSWORD can be used with or without a FOR clause that explicitly names a user account:

If a FOR user clause is given, the account name uses the format described in Section 6.2.4, “Specifying Account Names”. For example:

SET PASSWORD FOR 'bob'@'' = 'auth_string';

The host name part of the account name, if omitted, defaults to '%'.

Setting the password for a named account (with a FOR clause) requires the UPDATE privilege for the mysql system database. Setting the password for yourself (for a nonanonymous account with no FOR clause) requires no special privileges. When the read_only system variable is enabled, SET PASSWORD requires the SUPER privilege in addition to any other required privileges.

The password can be specified in these ways:

The following table shows, for each password hashing method, the permitted value of old_passwords and which authentication plugins use the hashing method.

Password Hashing Method old_passwords Value Associated Authentication Plugin
MySQL 4.1 native hashing 0 mysql_native_password
SHA-256 hashing 2 sha256_password

For additional information about setting passwords and authentication plugins, see Section 6.2.10, “Assigning Account Passwords”, and Section 6.2.13, “Pluggable Authentication”.