Which Table Does Mysql Store Password

Hey there! Today we’re going to dive deep into the world of MySQL databases and explore the intriguing question of where exactly MySQL stores its passwords. As a tech enthusiast and MySQL aficionado, this topic has always fascinated me, so let’s get started!

When it comes to securing passwords in a MySQL database, the answer lies within the system database named “mysql”. This database contains a table called “user” which stores all the user information, including passwords, privileges, and other relevant data.

The “user” table is the gatekeeper to the MySQL kingdom. It holds the keys to authenticate users and control their access to different databases and tables. So, if you’re ever curious about where your password is stored, this table is where the magic happens.

Within the “user” table, you’ll find a column named “authentication_string”. This column is responsible for storing the users’ passwords in an encrypted format. In recent versions of MySQL, there is also a deprecated column named “password” which serves the same purpose.

Now, let’s talk about the magic behind password encryption in MySQL. When you create a new user or update an existing user’s password, MySQL uses a hashing algorithm to convert the plaintext password into an irreversible hash value. This hash value is what gets stored in the “authentication_string” or “password” column of the “user” table.

MySQL uses various hashing algorithms, including the popular MD5 and SHA-256, to transform the passwords. Additionally, MySQL also employs a technique called “salting” to add an extra layer of security. Salting involves appending a random string of characters to the user’s plaintext password before hashing it. This makes it even more difficult for hackers to crack the passwords using brute-force attacks or rainbow tables.

Keep in mind that MySQL’s password-encryption mechanism has evolved over time. In older versions, MySQL used a simpler hashing mechanism called “OLD_PASSWORD”. However, this method is no longer recommended due to its vulnerabilities to certain types of attacks.

In recent versions of MySQL, the default authentication method has been updated to use a more secure hashing algorithm called “caching_sha2_password”. This algorithm provides stronger protection against password cracking attempts and is generally considered to be more robust.

So, to sum it all up, MySQL stores passwords in the “user” table of the “mysql” database. The passwords are stored in an encrypted format using various hashing algorithms and can also be supplemented with a random salt for added security.


Exploring the inner workings of MySQL and understanding how passwords are stored is a fascinating journey. By delving into the “user” table of the “mysql” database, we uncovered the secrets behind MySQL’s password encryption mechanism.

As technology advances and new security threats emerge, MySQL continues to improve its password storage mechanisms to ensure the safety of user credentials. So, the next time you log in to your MySQL database, remember that your password is securely stored in the “user” table, shielded by advanced encryption techniques.

Happy MySQLing!