MySQLERRORCommonAccess ControlHIGH confidence

Access denied for user (using password)

Q: How to fix MySQL 1045 Access denied for user (using password)?

Reset the user password: ALTER USER updates the authentication credentials in the mysql.user grant table. The server uses these credentials for all subsequent connection attempts from that user/host combination.

Q: How to fix MySQL 1045 Access denied for user (using password)?

Create the user for the correct host: MariaDB user accounts are identified by username AND hostname. 'appuser'@'localhost' and 'appuser'@'%' are two distinct accounts. The '%' wildcard matches any host.

What this means

Error 1045 (SQLSTATE 28000) is the authentication failure error. It is returned by the server before a connection is fully established when the username does not exist, the password is wrong, or the combination of username, hostname, and password does not match any row in the mysql.user table.

Why it happens

1Wrong password supplied for the user account
2The user account does not exist on the server
3The user exists but not for the connecting hostname (e.g., exists for localhost but connecting from 192.168.1.x)
4The user was created with an authentication plugin the client does not support

How to reproduce

A connection attempt with an incorrect password.

trigger — this will error

mysql -u appuser -pwrongpassword -h localhost myapp_db

expected output

ERROR 1045 (28000): Access denied for user 'appuser'@'localhost' (using password: YES)

Fix 1

Reset the user password

WHEN When the password is simply wrong or forgotten.

Reset the user password

-- As root:
ALTER USER 'appuser'@'localhost' IDENTIFIED BY 'new_secure_password';
FLUSH PRIVILEGES;

Why this works

ALTER USER updates the authentication credentials in the mysql.user grant table. The server uses these credentials for all subsequent connection attempts from that user/host combination.

Fix 2

Create the user for the correct host

WHEN When the user exists for localhost but is connecting from another host.

Create the user for the correct host

CREATE USER 'appuser'@'%' IDENTIFIED BY 'secure_password';
GRANT SELECT, INSERT, UPDATE, DELETE ON myapp_db.* TO 'appuser'@'%';
FLUSH PRIVILEGES;

Why this works

MariaDB user accounts are identified by username AND hostname. 'appuser'@'localhost' and 'appuser'@'%' are two distinct accounts. The '%' wildcard matches any host.

What not to do

✕ Create a root user with an empty password

An unauthenticated root account is a critical security vulnerability. Always set a strong password for root.

Version notes

MariaDB 10.4+

The unix_socket authentication plugin is enabled by default for root on many Linux distributions, meaning root can log in without a password from the OS root user. This changes the expected authentication flow.

Sources

Official documentation ↗

MariaDB Server error code 1045 / ER_ACCESS_DENIED_ERROR

MariaDB authentication plugins ↗

Content generated with AI assistance and reviewed for accuracy. Found an error? hello@errcodes.dev

At a glance

PlatformMySQL Error Numbers

Code1045

ClassAccess Control

SeverityERROR

TierCommon

ConfidenceHIGH