How to fix MariaDB 3136 You must change your password before executing this statement?

Change the expired password: Clears the password-expired flag and allows normal query execution.

How to fix MariaDB 3136 You must change your password before executing this statement?

As administrator, reset on behalf of user: Resets the password and clears the expiry flag.

3136

MariaDBERRORCommonAccess ControlHIGH confidence

You must change your password before executing this statement

Production Risk

High — expired passwords block all application queries; monitor password expiry proactively.

What this means

The connected user account has the password-expired flag set and must change their password before executing any other statement. This enforces mandatory password rotation policies.

Why it happens

1The user account was created with PASSWORD EXPIRE or an administrator ran ALTER USER ... PASSWORD EXPIRE.
2The password_lifetime policy expired the password automatically.

How to reproduce

trigger — this will error

SELECT 1;  -- while connected as a user with an expired password

expected output

ERROR 3136 (HY000): You must reset your password using ALTER USER statement before executing this statement.

Fix 1

Change the expired password

ALTER USER USER() IDENTIFIED BY 'NewStrongPass!1';

Why this works

Clears the password-expired flag and allows normal query execution.

Fix 2

As administrator, reset on behalf of user

ALTER USER 'app_user'@'%' IDENTIFIED BY 'NewStrongPass!1';

Why this works

Resets the password and clears the expiry flag.

What not to do

Sources

Official documentation ↗

MySQL 8.0 — 3136 ER_MUST_CHANGE_PASSWORD_LOGIN2

Content generated with AI assistance and reviewed for accuracy. Found an error? hello@errcodes.dev

At a glance

PlatformMariaDB Error Codes

Code3136

ClassAccess Control

SeverityERROR

TierCommon

ConfidenceHIGH