Common Causes and Fixes for MySQL Error 1045 (Access Denied)

When working with MySQL or acting as a MySQL DBA, you may encounter the error "ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)" even though the username and password appear correct.

1. Wrong Host

If you omit the -h flag, the client tries to connect to the local instance, which may not be the intended server.

[root@localhost ~]# mysql -u root -p123456

mysql: [Warning] Using a password on the command line interface can be insecure.

ERROR 1045 (28000): Access denied for user 'root'@'localhost' (using password: YES)

Fix: Specify the correct host and port.

[root@localhost ~]# mysql -u root -p123456 -h <IP> -P 3306

2. User Does Not Exist

Attempting to log in with a user that is not defined results in the same error.

[root@localhost ~]# mysql -u nonexistant -p123456 -h localhost

ERROR 1045 (28000): Access denied for user 'nonexistant'@'localhost' (using password: YES)

Fix: Verify the user exists.

mysql> SELECT User FROM mysql.user WHERE User='nonexistant';

If the result set is empty, create the user:

mysql> CREATE USER 'nonexistant'@'localhost' IDENTIFIED BY 'sekret';

Query OK, 0 rows affected (0.00 sec)

mysql> FLUSH PRIVILEGES;

3. User Exists but Host Is Not Authorized

The user may exist, but the host part of the account does not match the client’s IP.

[root@localhost ~]# mysql -u nonexistant -p123456

ERROR 1045 (28000): Access denied for user 'nonexistant'@'localhost' (using password: YES)

Fix: Check the Host column for the user and create an entry that matches the client IP, or use a wildcard.

mysql> SELECT Host, User FROM mysql.user WHERE User='nonexistant';

+-------------+-------------+

| Host        | User        |

+-------------+-------------+

| 192.168.0.1 | nonexistant |

+-------------+-------------+

Then create a user that allows any host:

mysql> CREATE USER 'nonexistant'@'%' IDENTIFIED BY '123456';

4. Wrong Password or Forgotten Password

If the password does not match the stored hash, authentication fails.

mysql> SELECT Host, User, authentication_string, PASSWORD('forgotten') FROM mysql.user WHERE User='nonexistant';

Compare the authentication_string with the hash of the supplied password; if they differ, reset the password.

mysql> SET PASSWORD FOR 'nonexistant'@'%' = 'hello$!world';

5. Special Characters in Bash Password

Bash interprets characters such as $ and !. Wrap the password in single quotes.

[root@localhost ~]# mysql -u nonexistant -p'hello$!world'

6. SSL Required but Not Used

If the account requires SSL, connecting without SSL yields error 1045.

Fix: Add the --ssl-mode=REQUIRED (or the deprecated -ssl) flag.

[root@localhost ~]# mysql -u ssluser -p123456 --ssl-mode=REQUIRED

Recovering From a Locked Account

When all else fails, start MySQL with skip-grant-tables (and optionally -skip-networking for older versions) to gain unrestricted access, then reset passwords or recreate users, and finally restart MySQL without those options.

Steps:

Stop the MySQL instance.

Edit my.cnf and add skip-grant-tables under [mysqld] (and -skip-networking for pre‑8.0 versions).

Start the instance.

Connect as root: mysql -uroot -hlocalhost Issue the necessary GRANT, CREATE USER, or SET PASSWORD statements.

Stop the instance again.

Remove the temporary options from my.cnf and restart MySQL.

You should now be able to log in with the corrected credentials.

The article lists these causes from the most common to the more complex, helping readers quickly identify and fix MySQL 1045 errors.