MySQL Workbench

5.3.9 Updating Old Authentication Protocol Passwords

MySQL 4.1 extended password hashes from 16 to 41 bytes. However, upgrading MySQL does not automatically update the old password passwords, so existing passwords continue to be stored in the deprecated format. This is because MySQL does not store passwords as plain text, so regenerating password hashes requires user intervention.

The associated secure_auth option was enabled by default as of MySQL 5.6. It is always enabled as of MySQL 5.7, meaning it can not be disabled. A future MySQL release will remove this option. With this option enabled, a user with a password defined in the old format will not be able to login to MySQL.

With all that said, the deprecated password format does not function with MySQL 5.7. All passwords using the old format must be updated. This section documents how to upgrade these passwords using MySQL Workbench. For information about migrating away from the old password format using the MySQL command line instead of Workbench, see Migrating Away from Pre-4.1 Password Hashing and the mysql_old_password Plugin.


The method that MySQL stores a password is defined by an authentication plugin. The old method uses the mysql_old_password authentication plugin, and the current default method uses mysql_native_password. As of MySQL 5.6, a sha256_password option is also available although it requires an SSL or encrypted connection. When Workbench upgrades passwords, it upgrades mysql_old_password to mysql_native_password. For additional information about authentication plugins, see Pluggable Authentication.

Options Depend on your secure_auth Option

Upgrading a password does have constraints. Here are two scenarios:

Using Workbench to Upgrade Your Password

Keeping the above in mind, there are two methods to update passwords using Workbench.

Open the Users and Privileges tab from Workbench's Management navigator. Select the user you want to update from the User Accounts section. If using the old password format, you will see text beginning with "This account is using the pre-mysql-4.1.1 password hashing type." in the lower right corner of the screen, and also a large Upgrade button on the right. From here, you can:

The following figures demonstrate the sequence of steps used in both methods:

Figure 5.23 Upgrade Old Password: Setting a New Password

Content is described in the surrounding text.

Figure 5.24 Upgrade Old Password: Reset to Random Expired Password

Content is described in the surrounding text.

When resetting to a random password, you must save the password and give it to the user. You will find the random password in the new popup window that is similar to the following figure.

Figure 5.25 Upgrade Old Password: Random Password Popup

Content is described in the surrounding text.

After completing the upgrade, notice the new Authentication Type for the connection. In the example shown in the next figure, the value changed from Standard (old) to Standard. In other words, the authentication type changed from mysql_old_password to mysql_native_password.

Figure 5.26 Upgraded Password: Standard (old) to Standard

Content is described in the surrounding text.