Each account name uses the format described in
Section 6.2.3, “Specifying Account Names”. If you specify only the user
name part of the account name, a host name part of
'%' is used. If is also possible to specify
CURRENT_USER(), to refer to the
account associated with the current session.
For each account,
expires its password. For example:
ALTER USER 'jeffrey'@'localhost' PASSWORD EXPIRE;
Password expiration for an account affects the corresponding row
mysql.user table: The server sets the
password_expired column to
A client session operates in restricted mode if the account
password has been expired. In restricted mode, operations
performed in the session result in an error until the user
SET PASSWORD statement
to establish a new account password:
SELECT 1;ERROR 1820 (HY000): You must SET PASSWORD before executing this statement mysql>
SET PASSWORD = PASSWORD('Query OK, 0 rows affected (0.01 sec) mysql>
SELECT 1;+---+ | 1 | +---+ | 1 | +---+ 1 row in set (0.00 sec)
As of MySQL 5.6.8, this restricted mode of operation permits
statements, which is useful if the account password uses a
hashing format that requires
old_passwords to be set to a
value different from its default.
It is also possible for an administrative user to reset the account password, but any existing sessions for the account remain restricted. Clients using the account must disconnect and reconnect before statements can be executed successfully.
It is possible to “reset” a password by setting it to its current value. As a matter of good policy, it is preferable to choose a different password.