PostgreSQL 28P01 — Invalid Password Error

Fix PostgreSQL error 28P01 (invalid_password). Covers pg_hba.conf authentication methods, password encoding issues, and common connection configuration mistakes.

Detailed Explanation

PostgreSQL Error 28P01: invalid_password

Error 28P01 means the client provided a password that does not match the stored password for the specified user. Authentication was attempted but failed.

Error Format

FATAL:  password authentication failed for user "myuser"

Common Causes

1. Wrong password:

-- Reset the password (connect as superuser)
ALTER USER myuser WITH PASSWORD 'new_password';

2. Authentication method mismatch (pg_hba.conf):

# pg_hba.conf controls how clients authenticate
# Common methods:
# trust    - no password needed (development only!)
# md5      - MD5 password hashing
# scram-sha-256 - strongest (PostgreSQL 10+)
# peer     - OS username must match DB username
# ident    - similar to peer, for TCP connections

# Example: allow password auth from local network
host  all  all  192.168.0.0/24  scram-sha-256

After editing pg_hba.conf:

sudo systemctl reload postgresql

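3. Password stored with a different hash method: If pg_hba.conf requires scram-sha-256 but the password was set when md5 was the default, the stored hash is still MD5 and SCRAM authentication fails even with the correct password. Re-set the password under the current method: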

-- Re-set password to use the current method
SET password_encryption = 'scram-sha-256';
ALTER USER myuser WITH PASSWORD 'same_password';

4. Connection string encoding: Special characters in passwords need URL encoding:

postgresql://user:p%40ss@host:5432/db  # @ encoded as %40

Debugging Steps

  1. Verify you can connect with psql: psql -U myuser -d mydb
  2. Check pg_hba.conf for the matching connection rule
  3. Check which auth method is being used
  4. Verify the password works with a simple client
  5. Check for password encoding issues in connection strings
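
Steps 2 and 3, together with cause 3 above, can be checked offline. This Python sketch is an added example, not part of the original page or of PostgreSQL: it finds the first pg_hba.conf record that matches a connection and compares its method with the format of the stored verifier (pg_authid.rolpassword). It assumes a simplified file (CIDR addresses or all, literal names or all); the sample file, verifier strings and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample pg_hba.conf and verifiers, not taken from any real server.
SAMPLE_HBA = """\
# TYPE  DATABASE  USER      ADDRESS         METHOD
local   all       postgres                  peer
host    all       all       127.0.0.1/32    md5
host    all       all       192.168.0.0/24  scram-sha-256
host    all       all       0.0.0.0/0       reject
"""
MD5_VERIFIER = "md5" + "0" * 32
SCRAM_VERIFIER = "SCRAM-SHA-256$4096:c2FsdA==$c3RvcmVk:c2VydmVy"
TCP_TYPES = ("host", "hostssl", "hostnossl")

def _name_matches(field, value):
    # Assumption: only 'all' or a comma-separated list of literal names.
    return field == "all" or value in field.split(",")

def first_match(hba_text, conn_type, database, user, client_ip=None, ssl=False):
    """Return (line_no, method) of the first matching record, or None."""
    for line_no, raw in enumerate(hba_text.splitlines(), 1):
        parts = raw.split("#", 1)[0].split()
        if not parts:
            continue
        if parts[0] == "local" and conn_type == "local" and len(parts) >= 4:
            db, usr, method = parts[1:4]
        elif parts[0] in TCP_TYPES and conn_type == "host" and len(parts) >= 5:
            if (parts[0] == "hostssl" and not ssl) or (parts[0] == "hostnossl" and ssl):
                continue
            db, usr, addr, method = parts[1:5]
            if addr != "all":  # assumption: ADDRESS is 'all' or CIDR notation
                net = ipaddress.ip_network(addr, strict=False)
                if ipaddress.ip_address(client_ip) not in net:
                    continue
        else:
            continue
        if _name_matches(db, database) and _name_matches(usr, user):
            return line_no, method  # PostgreSQL stops at the first match
    return None  # no matching record: the server refuses the connection

def diagnose(method, rolpassword):
    """Predict what happens when the client sends the correct password."""
    if method not in ("password", "md5", "scram-sha-256"):
        return "rule does not check the stored password"
    if method == "scram-sha-256" and not rolpassword.startswith("SCRAM-SHA-256$"):
        return "28P01 despite a correct password: stored verifier is not SCRAM"
    return "password should be accepted"

if __name__ == "__main__":
    line_no, method = first_match(SAMPLE_HBA, "host", "mydb", "myuser", "192.168.0.17")
    print(line_no, method, "->", diagnose(method, MD5_VERIFIER))
```

On Unix, psql -U myuser -d mydb without -h connects over the local socket and is matched against local records, so it may exercise a different rule than an application connecting over TCP.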

Docker-Specific Issues

The POSTGRES_PASSWORD environment variable sets the superuser password only on first initialization. If you change it after the data directory exists, the old password persists:

# Reset: remove the volume and reinitialize (this deletes all data stored in the volume)
docker compose down -v
docker compose up -d

Use Case

PostgreSQL authentication failures are common during initial setup, environment migrations, and version upgrades. Understanding pg_hba.conf, password encoding methods, and the interaction between connection strings and authentication methods prevents connection issues across development, staging, and production environments.
