SET PASSWORD [FOR user] = password_option

password_option: {
  | OLD_PASSWORD('auth_string')
  | 'hash_string'
  • 'auth_string' represents a cleartext password.
  • 'hash_string' represents an encrypted password.

SET PASSWORD can be used with or without a FOR clause that explicitly names a user account:

  • With a FOR user clause, the statement sets the password for the named account, which must exist:

    SET PASSWORD FOR 'jeffrey'@'localhost' = password_option;
  • With no FOR user clause, the statement sets the password for the current user:

    SET PASSWORD = password_option;

Any client who connects to the server using a nonanonymous account can change the password for that account. (In particular, you can change your own password.) To see which account the server authenticated you as, invoke the CURRENT_USER() function:


The password can be specified in these ways:

  • Use the PASSWORD() function

    SET old_passwords = 0;
    SET PASSWORD FOR 'jeffrey'@'localhost' = PASSWORD('123456');
  • Use the OLD_PASSWORD() function

  • Use an already encrypted password string

The following table shows, for each password hashing method, the permitted value of old_passwords and which authentication plugins use the hashing method.

Password Hashing Method old_passwords Value Associated Authentication Plugin
MySQL 4.1 native hashing 0 mysql_native_password
Pre-4.1 (“old”) hashing 1 mysql_old_password
SHA-256 hashing 2 sha256_password