MySQL ERROR 1045 occurs when authentication fails during login. This happens when the username and password don't match, the user doesn't exist, or the host isn't allowed. The error appears immediately when connecting to MySQL and prevents database access until credentials are corrected.
MySQL ERROR 1045 (28000): Access denied for user is an authentication failure that occurs when a client attempts to connect to MySQL with invalid or insufficient credentials. When you try to log in, MySQL compares your provided username, password, and host against the mysql.user table and fails to find a matching authorized user. The error has two possible formats: - "Access denied for user 'username'@'localhost' (using password: YES)" - Password provided but rejected - "Access denied for user 'username'@'localhost' (using password: NO)" - No password provided but one is required Common scenarios where this error appears: - **Incorrect password**: You typed the wrong password for an existing user - **Wrong username**: The account name doesn't exist or is misspelled - **Host mismatch**: User exists but not for your connecting host - **No user created**: Attempting to log in with default credentials that were changed - **Permission restrictions**: Host is not whitelisted in mysql.user table - **Fresh installation**: Default root password wasn't set or has been changed - **Remote connection issues**: Trying to connect from a host not authorized in the user table
The most common cause of ERROR 1045 is simply typing the wrong username or password. Double-check your credentials carefully.
Test your connection with the mysql command-line client:
# Basic connection attempt
mysql -u username -p
# Enter password when prompted
# Connection with explicit hostname
mysql -u username -p -h localhost
# Connection with hostname and database
mysql -u username -p -h 127.0.0.1 database_name
# All parameters on command line (less secure)
mysql -u username -pYourPassword -h localhost database_nameIf you get the error, ensure:
1. Username is spelled correctly - MySQL usernames are case-sensitive
2. Password is correct - Check for typos, extra spaces, or caps lock
3. Host parameter is right - Use localhost or 127.0.0.1 for local connections
4. No extra characters - Spaces in passwords or usernames need proper escaping
Test with an empty password (if user was created without password):
# Try connecting without providing password
mysql -u root
# Or explicitly with no password
mysql -u root -p
# Just press Enter when prompted for passwordConnect as an administrator (usually root) to verify the user exists and check their configuration.
First, connect with root access:
# If you know root password
mysql -u root -p
# If root has no password
mysql -u root
# Or with localhost specified
mysql -u root -p -h localhostOnce connected, check existing users:
-- List all users in the mysql.user table
SELECT user, host FROM mysql.user;
-- Check specific user
SELECT user, host, authentication_string FROM mysql.user WHERE user = 'myuser';
-- See detailed information about a user
SELECT * FROM mysql.user WHERE user = 'myuser' \G
-- Check if user exists for specific host
SELECT user, host FROM mysql.user WHERE user = 'myuser' AND host = 'localhost';If the user doesn't exist, create it:
-- Create user for localhost only
CREATE USER 'newuser'@'localhost' IDENTIFIED BY 'password123';
-- Create user for any host (remote access)
CREATE USER 'newuser'@'%' IDENTIFIED BY 'password123';
-- Create user for specific IP address
CREATE USER 'newuser'@'192.168.1.100' IDENTIFIED BY 'password123';
-- Create multiple host entries for same user
CREATE USER 'myapp'@'localhost' IDENTIFIED BY 'password';
CREATE USER 'myapp'@'192.168.1.5' IDENTIFIED BY 'password';If user exists but needs password reset:
-- MySQL 8.0+
ALTER USER 'username'@'localhost' IDENTIFIED BY 'newpassword';
-- MySQL 5.7 and earlier
SET PASSWORD FOR 'username'@'localhost' = PASSWORD('newpassword');
-- Then apply changes
FLUSH PRIVILEGES;After creating or identifying the user, ensure they have proper permissions for the database they need to access.
Check current user permissions:
-- See what privileges a user has
SHOW GRANTS FOR 'myuser'@'localhost';
-- Check all permissions in detail
SELECT * FROM mysql.user WHERE user = 'myuser' \G
SELECT * FROM mysql.db WHERE user = 'myuser' \GGrant permissions to user:
-- Grant all privileges on specific database
GRANT ALL PRIVILEGES ON mydatabase.* TO 'myuser'@'localhost';
-- Grant specific privileges (read-only)
GRANT SELECT ON mydatabase.* TO 'myuser'@'localhost';
-- Grant multiple specific privileges
GRANT SELECT, INSERT, UPDATE, DELETE ON mydatabase.* TO 'myuser'@'localhost';
-- Grant privileges on all databases
GRANT ALL PRIVILEGES ON *.* TO 'myuser'@'localhost';
-- Grant with GRANT option (allows user to grant to others)
GRANT ALL PRIVILEGES ON mydatabase.* TO 'myuser'@'localhost' WITH GRANT OPTION;
-- Apply changes immediately
FLUSH PRIVILEGES;After granting privileges, test the connection:
# Disconnect from root and try new user
mysql -u myuser -p -h localhost mydatabaseA common issue is the user existing for localhost but connecting from an IP address (or vice versa). MySQL treats these as different users.
Check which hosts the user can connect from:
-- See all users and their allowed hosts
SELECT user, host FROM mysql.user ORDER BY user;
-- Check specific user's hosts
SELECT user, host FROM mysql.user WHERE user = 'myapp';Typical host scenarios and solutions:
Scenario 1: User exists only for localhost, but you're connecting from 127.0.0.1
-- 127.0.0.1 is not the same as localhost in MySQL
-- Create another entry for the IP address
CREATE USER 'myuser'@'127.0.0.1' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON mydatabase.* TO 'myuser'@'127.0.0.1';
-- Or use localhost (which typically resolves to 127.0.0.1)
mysql -u myuser -p -h localhost mydatabaseScenario 2: Local user exists but connecting from remote server
-- Create user for remote host's IP
CREATE USER 'myuser'@'192.168.1.50' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON mydatabase.* TO 'myuser'@'192.168.1.50';
-- Or allow connection from any host (less secure)
CREATE USER 'myuser'@'%' IDENTIFIED BY 'password';
GRANT ALL PRIVILEGES ON mydatabase.* TO 'myuser'@'%';Scenario 3: Check actual connection host
-- See current connection info
SELECT USER();
-- See which hosts current user can use
SELECT CURRENT_USER();Always apply changes:
FLUSH PRIVILEGES;If you're completely locked out (can't log in as root), you can reset the password by starting MySQL in safe mode.
Step 1: Stop MySQL server
# Linux/Mac
sudo systemctl stop mysql
# Or
sudo /usr/local/mysql/support-files/mysql.server stop
# macOS with Homebrew
brew services stop mysql
# Windows (if running as service)
net stop MySQL80Step 2: Start MySQL with skip-grant-tables
# Linux/Mac - start without password authentication
sudo mysqld_safe --skip-grant-tables &
# Windows
mysqld --skip-grant-tablesStep 3: Connect without password
# Connect to MySQL without authentication
mysql -u rootStep 4: Reset the root password
-- Flush privileges first (may be needed on some versions)
FLUSH PRIVILEGES;
-- MySQL 8.0+
ALTER USER 'root'@'localhost' IDENTIFIED BY 'new_password';
-- MySQL 5.7 and earlier
SET PASSWORD FOR 'root'@'localhost' = PASSWORD('new_password');
-- Exit
EXIT;Step 5: Restart MySQL normally
# Linux/Mac
sudo systemctl restart mysql
# macOS with Homebrew
brew services restart mysql
# Windows
net start MySQL80Step 6: Test with new password
mysql -u root -p
# Enter new_password when promptedEnsure the MySQL server is running and listening on the correct port before troubleshooting authentication.
Check if MySQL service is running:
# Linux - check service status
sudo systemctl status mysql
# macOS - check if running
brew services list | grep mysql
# Windows - check Services
sc query MySQL80
# Or use netstat/ss to check if port is listening
sudo netstat -tulpn | grep 3306
sudo ss -tulpn | grep 3306If not running, start MySQL:
# Linux
sudo systemctl start mysql
# macOS with Homebrew
brew services start mysql
# Windows
net start MySQL80
# Or direct command (various systems)
mysqld_safe &Verify MySQL is listening on the correct port:
# Test connection to localhost
mysql -h 127.0.0.1 -u root -p
# Test from command line with nc (netcat)
nc -zv localhost 3306
# Check MySQL configuration for port number
grep port /etc/mysql/mysql.conf.d/mysqld.cnf
# Or
grep port /etc/my.cnfCheck MySQL version and status:
# Get MySQL version
mysql --version
mysqld --version
# Check if MySQL is actually running (process list)
ps aux | grep mysqld
# Or on Windows
tasklist | findstr mysqldIf MySQL won't start, check the error log:
# Typical log locations
tail -f /var/log/mysql/error.log
tail -f /var/log/mysql/mysql.log
# Or check last lines
grep -i error /var/log/mysql/error.log | tail -20MySQL User Authentication Architecture:
The mysql.user table stores user account information and authentication credentials. When you attempt to connect, MySQL performs these steps:
1. User Lookup: Searches for a matching row in mysql.user with username, host, and optional password
2. Host Resolution: localhost is treated differently than 127.0.0.1 - they are separate user accounts
3. Password Verification: Compares provided password against stored hash (SCRAM in MySQL 8.0+)
4. Host Checking: Checks if connecting host matches allowed host pattern (%, wildcard, specific IP)
MySQL User Matching Rules:
- Users are identified by (username, host) combination
- Host can be: 'localhost', '127.0.0.1', specific IP, 'hostname', or '%' (any host)
- More specific hosts take precedence over '%'
- Anonymous users (empty username) are less specific than named users
Common Host Patterns:
- 'localhost' - Unix socket connection only (local)
- '127.0.0.1' - TCP/IP connection from local machine
- '192.168.1.%' - Any host in 192.168.1.0/24 subnet
- '%' - Any host (allow remote connections)
- Specific IP like '192.168.1.50' - Only from that IP
MySQL 8.0+ Authentication Changes:
- Default authentication plugin changed from mysql_native_password to caching_sha2_password
- Some older clients may fail if server uses caching_sha2_password
- Fix by changing user authentication plugin:
ALTER USER 'username'@'localhost' IDENTIFIED WITH mysql_native_password BY 'password';Fresh MySQL Installation:
- On Linux, root usually created with auth_socket plugin (no password needed locally)
- On Windows/Mac, root typically created with temporary password in error log
- First login may require temporary password change
Debugging Authentication:
- Enable authentication logging:
SET GLOBAL general_log = 'ON';
SET GLOBAL log_output = 'TABLE';
SELECT * FROM mysql.general_log WHERE command_type = 'Connect';- Check failed login attempts in general log
- Look at MySQL error log for authentication messages
- Use verbose flag: mysql -v username
Security Best Practices:
1. Principle of Least Privilege: Create separate users for each application with only needed privileges
2. Strong Passwords: Use complex passwords, at least 12 characters
3. No Remote Root: Create 'root'@'localhost' only, never 'root'@'%'
4. Regular Audits: Review user list and privileges periodically
5. Application Users: Create dedicated users for each app instead of sharing root
6. Host Restrictions: Use specific IPs when possible instead of '%'
7. Password Management: Store passwords in secure vaults, never in code or config files
8. Monitoring: Log and alert on failed authentication attempts
Typical User Setup for Applications:
-- Create application-specific user (not root)
CREATE USER 'myapp'@'localhost' IDENTIFIED BY 'strong_password_here';
-- Grant only needed privileges (example for web application)
GRANT SELECT, INSERT, UPDATE, DELETE ON myapp_database.* TO 'myapp'@'localhost';
-- No administrative privileges - prevents accidental damage
-- No privileges on other databases - limits impact of compromised credentials
FLUSH PRIVILEGES;Troubleshooting Checklist:
□ Is MySQL server running? (systemctl status, brew services list, or tasklist)
□ Is port 3306 listening? (netstat, ss, or nc)
□ Did you use correct username? (case-sensitive)
□ Did you use correct password? (spaces, special chars)
□ Does user exist in mysql.user table? (SHOW GRANTS, SELECT from mysql.user)
□ Does user host match your connection source? (localhost vs 127.0.0.1 vs IP)
□ Does user have privileges for target database? (SHOW GRANTS)
□ Is user account locked? (check account_locked in mysql.user)
□ Are you connecting to the right MySQL instance? (multiple installs on same machine?)
EE_WRITE (3): Error writing file
How to fix "EE_WRITE (3): Error writing file" in MySQL
CR_PARAMS_NOT_BOUND (2031): No data supplied for parameters
How to fix "CR_PARAMS_NOT_BOUND (2031): No data supplied for parameters" in MySQL
CR_DNS_SRV_LOOKUP_FAILED (2070): DNS SRV lookup failed
How to fix "CR_DNS_SRV_LOOKUP_FAILED (2070): DNS SRV lookup failed" in MySQL
ERROR 1146: Table 'database.table' doesn't exist
How to fix "ERROR 1146: Table doesn't exist" in MySQL
ERROR 1040: Too many connections
How to fix "ERROR 1040: Too many connections" in MySQL