Change a User’s Password

Changed in version 2.6.


Strong passwords help prevent unauthorized access, and all users should have strong passwords. You can use the openssl program to generate unique strings for use in passwords, as in the following command:

openssl rand -base64 48


You must have the changeAnyPassword action on a database to modify the password of any user on that database.

To change your own password, you must have the changeOwnPassword action on your database. See Change Your Password and Custom Data.



Connect to MongoDB with the appropriate privileges.

Connect to the mongod or mongos with the privileges specified in the Prerequisites section.

The following procedure uses the siteUserAdmin created in Create a User Administrator.

mongo --port 27017 -u siteUserAdmin -p password --authenticationDatabase admin

Change the password.

Pass the user’s username and the new password to the db.changeUserPassword() method.

The following operation changes the reporting user’s password to SOh3TbYhxuLiW8ypJPxmt1oOfL:

db.changeUserPassword("reporting", "SOh3TbYhxuLiW8ypJPxmt1oOfL")