How to Fix MySQL ERROR 1698 (28000): Access denied for user ‘root’@’localhost’
On many modern Linux systems (especially Ubuntu/Debian with MySQL or MariaDB), you may see this when trying to log in: mysql -u root -p ERROR 1698 (28000): Access denied for user ‘root’@’localhost’ The password may be correct, but MySQL is using a different authentication method for the root user (like auth_socket), or the account has no password at all. Let’s walk through the common causes and fixes.
1. Understand why this error happens
ERROR 1698 (28000) means “authentication failed.” For root@localhost this usually happens because:
- The
rootaccount is configured to authenticate via the system user (socket/Unix auth), not with a password. - You are trying to log in over TCP with a password that root is not allowed to use.
- The password you think is set for root is simply not the same as MySQL has stored.
So we first need to see how the root user is defined inside MySQL.
2. Log in using sudo (Linux / Ubuntu / Debian)
On Ubuntu/Debian, MySQL root often uses socket authentication. You can log in this way:
sudo mysqlIf that drops you into the MySQL shell (mysql> prompt) without asking for a password, good. Now you can inspect and fix the account.
Run:
SELECT user, host, plugin FROM mysql.user;Look for the row where user = 'root' and host = 'localhost'.
You’ll probably see something like:
root | localhost | auth_socketor unix_socket. This means root logs in using the OS account, not a password.
3. Option A – Keep sudo login but create a separate admin user
Best practice is often to leave root as socket-auth only and create another MySQL user for apps and manual logins.
From the MySQL shell (entered via sudo mysql):
CREATE USER 'admin'@'localhost' IDENTIFIED BY 'StrongPasswordHere';
GRANT ALL PRIVILEGES ON *.* TO 'admin'@'localhost' WITH GRANT OPTION;
FLUSH PRIVILEGES;Now you can exit:
EXIT;And log in like:
mysql -u admin -pThis avoids changing system defaults and is usually the safest.
4. Option B – Change root to use password authentication
If you really want root to use a password (for example on a local dev machine), you can switch its plugin.
From sudo mysql:
ALTER USER 'root'@'localhost'
IDENTIFIED WITH mysql_native_password BY 'NewStrongPassword!';
FLUSH PRIVILEGES;Now root uses mysql_native_password and you can log in with:
mysql -u root -pEnter the new password you set.
Tip: on MySQL 8+, some distributions use
caching_sha2_password. You can also use that instead ofmysql_native_passwordif you prefer.
5. Option C – Grant root access over TCP for local tools
Some GUIs (phpMyAdmin, Adminer, HeidiSQL) connect via TCP (127.0.0.1) rather than socket. If root is only allowed from localhost with socket auth, they will fail.
If you changed root to use a password as in Option B, it should already work for both CLI and phpMyAdmin on the same server.
If you want a separate account for GUI only:
CREATE USER 'guiadmin'@'127.0.0.1' IDENTIFIED BY 'AnotherStrongPassword!';
GRANT ALL PRIVILEGES ON *.* TO 'guiadmin'@'127.0.0.1' WITH GRANT OPTION;
FLUSH PRIVILEGES;Then use guiadmin in your GUI config.
6. Fixing the error on fresh installs (mysql_secure_installation)
On some systems, after installing MySQL, you’re prompted to run:
sudo mysql_secure_installationIf you skipped setting a password or chose “Use Unix socket authentication,” then MySQL root cannot use a password at all.
You can re-run the tool or manually set the password via sudo mysql and the ALTER USER command from Option B.
7. Check for multiple MySQL instances or wrong socket
Sometimes you have MariaDB and MySQL both installed, or multiple versions, and your mysql command talks to a different server than you expect.
Check:
which mysql
mysql --versionAnd in MySQL shell:
SHOW VARIABLES LIKE 'socket';If you are editing one instance but your tools connect to another, users and passwords will not match. Make sure your client or phpMyAdmin is using the correct socket/port.
8. Quick reference commands
See all users and plugins
SELECT user, host, plugin FROM mysql.user;Switch root to password auth
ALTER USER 'root'@'localhost'
IDENTIFIED WITH mysql_native_password BY 'StrongPassword123!';
FLUSH PRIVILEGES;Create new full-privilege admin user
CREATE USER 'admin'@'localhost' IDENTIFIED BY 'StrongPassword123!';
GRANT ALL PRIVILEGES ON *.* TO 'admin'@'localhost' WITH GRANT OPTION;
FLUSH PRIVILEGES;9. Summary
To fix ERROR 1698 (28000): Access denied for user 'root'@'localhost':
- Log in using
sudo mysqlso you bypass the password check. - Decide whether you want to keep root as socket-auth only or allow password login.
- Either create a new admin user with full privileges (recommended for production) or switch the root user to
mysql_native_password/caching_sha2_passwordand set a strong password. - Make sure your tools (CLI, phpMyAdmin, Laravel, etc.) point at the correct MySQL instance and host (
localhostvs127.0.0.1).
Once auth plugin, password, and host line up, the error disappears and you can connect to MySQL without issues.
![How to Fix SQLSTATE[HY000] [1045] Access denied for user in Laravel and phpMyAdmin](https://devnote.in/wp-content/uploads/2025/11/How-to-fix-sqlstate-hy000-1045-access-denied-for-user-in-laravel-and-phpmyadmin.png "How to Fix SQLSTATE[HY000] [1045] Access denied for user in Laravel and phpMyAdmin")
