PostgreSQL Error 28P01: Invalid Password / Authentication Failed
FATAL: password authentication failed for user "postgres"
What is PostgreSQL Error 28P01?
PostgreSQL SQLSTATE 28P01 indicates that the client provided the correct username but the wrong password, or the authentication method in pg_hba.conf requires a password and none was provided.
Common Causes
1. Wrong password for the PostgreSQL user
2. Password was changed and the connection string was not updated
3. pg_hba.conf requires password (md5/scram-sha-256) but client sent none
4. Authentication method mismatch: client uses md5 but server requires scram-sha-256
5. Password contains special characters that were not properly escaped in the connection string
Step-by-Step Solutions
Reset the password as a superuser: ALTER USER username WITH PASSWORD 'new_password';
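For a locked-out root/postgres user: edit pg_hba.conf to use 'trust' temporarily, reload, reset the password, then restore the entry to 'md5'. While 'trust' is in effect, connections matching that entry are accepted without a password, so keep the window short.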
Check pg_hba.conf authentication method matches your client configuration
URL-encode special characters in the password if using a connection URL string
Verify the correct user name: \du in psql lists all users and their attributes
Prevention Tips
Supply passwords through the PGPASSWORD environment variable or a .pgpass file, not as connection string literals
Use secrets management tools (Vault, AWS Secrets Manager) for database credentials
Implement password expiration policies and update connection strings during rotation
Prefer scram-sha-256 over md5 in pg_hba.conf for better security
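
The following is an added example, not part of the original page: a Python check that parses pg_hba.conf rules and flags entries still set to 'trust' after the reset procedure above, along with 'md5' and 'password' entries that could move to scram-sha-256. The function name audit_pg_hba and the sample file are constructed for illustration, and quoting is handled in a simplified way with shlex.

```python
import shlex

# Methods PostgreSQL accepts in the auth-method column of pg_hba.conf.
METHODS = {"trust", "reject", "scram-sha-256", "md5", "password", "gss", "sspi",
           "ident", "peer", "ldap", "radius", "cert", "pam", "bsd"}
FINDINGS = {
    "trust": "no password required; confirm this is not a leftover from a reset",
    "password": "password is sent in cleartext; use scram-sha-256",
    "md5": "MD5-based exchange; prefer scram-sha-256",
}

def audit_pg_hba(text):
    """Return (line_no, conn_type, method, note) for each rule worth reviewing."""
    results = []
    for line_no, raw in enumerate(text.splitlines(), start=1):
        fields = shlex.split(raw, comments=True)  # drops '#' comments, honours "quotes"
        if not fields or fields[0].startswith("include"):
            continue  # blank/comment lines and include directives are skipped
        conn_type = fields[0]
        if conn_type == "local":
            idx = 3  # local  DATABASE  USER  METHOD
        else:
            # host*  DATABASE  USER  ADDRESS  [IP-MASK]  METHOD
            idx = 4 if len(fields) > 4 and fields[4] in METHODS else 5
        method = fields[idx] if len(fields) > idx else None
        if method not in METHODS:
            results.append((line_no, conn_type, method, "could not parse auth method"))
        elif method in FINDINGS:
            results.append((line_no, conn_type, method, FINDINGS[method]))
    return results

# Constructed sample file, not taken from a real server.
SAMPLE = """\
# TYPE  DATABASE  USER      ADDRESS          METHOD
local   all       postgres                   trust   # temporary, for password reset
local   all       all                        peer
host    all       all       127.0.0.1/32     scram-sha-256
host    all       all       10.0.0.0 255.0.0.0  md5
hostssl app       app_user  192.168.1.0/24   password
"""

if __name__ == "__main__":
    for line_no, conn_type, method, note in audit_pg_hba(SAMPLE):
        print(f"line {line_no}: {conn_type} uses {method!r}: {note}")
```

Running it against the real file after a password reset confirms that the temporary 'trust' entry has been removed before the server is put back into service.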
Frequently Asked Questions
How do I reset a PostgreSQL user password?
What is the difference between md5 and scram-sha-256 in PostgreSQL?