Part of the MySQL installation process is to set up the
      mysql database that contains the grant tables:
    
Windows distributions contain preinitialized grant tables that are installed automatically.
On Unix, the grant tables are populated by the mysql_install_db program. Some installation methods run this program for you. Others require that you execute it manually. For details, see Section 2.1, “Unix Post-Installation Procedures”.
The grant tables define the initial MySQL user accounts and their access privileges. These accounts are set up as follows:
          Accounts with the user name root are
          created. These are superuser accounts that can do anything.
          The initial root account passwords are
          empty, so anyone can connect to the MySQL server as
          root — without a
          password — and be granted all privileges.
        
              On Windows, one root account is
              created; this account allows connecting from the local
              host only. The Windows installer will optionally create an
              account allowing for connections from any host only if the
              user selects the Enable root access from remote
              machines option during installation.
            
              On Unix, both root accounts are for
              connections from the local host. Connections must be made
              from the local host by specifying a host name of
              localhost for one of the accounts, or
              the actual host name or IP number for the other.
            
Two anonymous-user accounts are created, each with an empty user name. The anonymous accounts have no password, so anyone can use them to connect to the MySQL server.
              On Windows, one anonymous account is for connections from
              the local host. It has no global privileges. (Before MySQL
              5.1.16, it has all global privileges, just like the
              root accounts.) The other is for
              connections from any host and has all privileges for the
              test database and for other databases
              with names that start with test.
            
              On Unix, both anonymous accounts are for connections from
              the local host. Connections must be made from the local
              host by specifying a host name of
              localhost for one of the accounts, or
              the actual host name or IP number for the other. These
              accounts have all privileges for the
              test database and for other databases
              with names that start with test_.
            
As noted, none of the initial accounts have passwords. This means that your MySQL installation is unprotected until you do something about it:
If you want to prevent clients from connecting as anonymous users without a password, you should either assign a password to each anonymous account or else remove the accounts.
          You should assign a password to each MySQL
          root account.
        
      The following instructions describe how to set up passwords for
      the initial MySQL accounts, first for the anonymous accounts and
      then for the root accounts. Replace
      “newpwd” in the examples
      with the actual password that you want to use. The instructions
      also cover how to remove the anonymous accounts, should you prefer
      not to allow anonymous access at all.
    
You might want to defer setting the passwords until later, so that you don't need to specify them while you perform additional setup or testing. However, be sure to set them before using your installation for production purposes.
Anonymous Account Password Assignment
      To assign passwords to the anonymous accounts, connect to the
      server as root and then use either
      SET PASSWORD or
      UPDATE. In either case, be sure to
      encrypt the password using the
      PASSWORD() function.
    
      To use SET PASSWORD on Windows, do
      this:
    
shell>mysql -u rootmysql>SET PASSWORD FOR ''@'localhost' = PASSWORD('mysql>newpwd');SET PASSWORD FOR ''@'%' = PASSWORD('newpwd');
      To use SET PASSWORD on Unix, do
      this:
    
shell>mysql -u rootmysql>SET PASSWORD FOR ''@'localhost' = PASSWORD('mysql>newpwd');SET PASSWORD FOR ''@'host_name' = PASSWORD('newpwd');
      In the second SET PASSWORD
      statement, replace host_name with the
      name of the server host. This is the name that is specified in the
      Host column of the
      non-localhost record for
      root in the user table. If
      you don't know what host name this is, issue the following
      statement before using SET
      PASSWORD:
    
mysql> SELECT Host, User FROM mysql.user;
      Look for the record that has root in the
      User column and something other than
      localhost in the Host
      column. Then use that Host value in the second
      SET PASSWORD statement.
    
Anonymous Account Removal
If you prefer to remove the anonymous accounts instead, do so as follows:
shell>mysql -u rootmysql>DROP USER '';
      The DROP statement applies both to Windows and
      to Unix. On Windows, if you want to remove only the anonymous
      account that has the same privileges as root,
      do this instead:
    
shell>mysql -u rootmysql>DROP USER ''@'localhost';
That account allows anonymous access but has full privileges, so removing it improves security.
      root Account Password
      Assignment
    
      You can assign passwords to the root accounts
      in several ways. The following discussion demonstrates three
      methods:
    
          Use the SET PASSWORD statement
        
Use the mysqladmin command-line client program
          Use the UPDATE statement
        
      To assign passwords using SET
      PASSWORD, connect to the server as
      root and issue SET
      PASSWORD statements. Be sure to encrypt the password
      using the PASSWORD() function.
    
For Windows, do this:
shell>mysql -u rootmysql>SET PASSWORD FOR 'root'@'localhost' = PASSWORD('mysql>newpwd');SET PASSWORD FOR 'root'@'%' = PASSWORD('newpwd');
For Unix, do this:
shell>mysql -u rootmysql>SET PASSWORD FOR 'root'@'localhost' = PASSWORD('mysql>newpwd');SET PASSWORD FOR 'root'@'host_name' = PASSWORD('newpwd');
      In the second SET PASSWORD
      statement, replace host_name with the
      name of the server host. This is the same host name that you used
      when you assigned the anonymous account passwords.
    
      If the user table contains an account with
      User and Host values of
      'root' and '127.0.0.1', use
      an additional SET PASSWORD
      statement to set that account's password:
    
mysql> SET PASSWORD FOR 'root'@'127.0.0.1' = PASSWORD('newpwd');
      To assign passwords to the root accounts using
      mysqladmin, execute the following commands:
    
shell>mysqladmin -u root password "shell>newpwd"mysqladmin -u root -hhost_namepassword "newpwd"
      These commands apply both to Windows and to Unix. In the second
      command, replace host_name with the
      name of the server host. The double quotes around the password are
      not always necessary, but you should use them if the password
      contains spaces or other characters that are special to your
      command interpreter.
    
      The mysqladmin method of setting the
      root account passwords does not set the
      password for the 'root'@'127.0.0.1' account. To
      do so, use SET PASSWORD as shown
      earlier.
    
      You can also use UPDATE to modify
      the user table directly. The following
      UPDATE statement assigns a password
      to all root accounts:
    
shell>mysql -u rootmysql>UPDATE mysql.user SET Password = PASSWORD('->newpwd')WHERE User = 'root';mysql>FLUSH PRIVILEGES;
      The UPDATE statement applies both
      to Windows and to Unix.
    
After the passwords have been set, you must supply the appropriate password whenever you connect to the server. For example, if you want to use mysqladmin to shut down the server, you can do so using this command:
shell>mysqladmin -u root -p shutdownEnter password:(enter root password here)
        If you forget your root password after
        setting it up, How to Reset the Root Password, covers
        the procedure for resetting it.
      
      To set up additional accounts, you can use the
      GRANT statement. For instructions,
      see Section 4.2, “Adding User Accounts”.
    

