PostgreSQL Authentication

PostgreSQL Error 28P01: Authentication Failed (Fix Guide)

Fix PostgreSQL Error 28P01 password authentication failed. Covers pg_hba.conf, password reset, role creation, and connection methods.

Mar 12, 2026 5 min read

The Error Message

FATAL: password authentication failed for user "username"

What Causes PostgreSQL 28P01?

PostgreSQL Error 28P01 means the password you provided does not match the stored password for that user/role. This is strictly a password mismatch, not a host or permission issue.

Common Causes

Wrong password

The password in your connection string does not match what PostgreSQL has stored.

Role does not exist

The username you're trying to connect with hasn't been created as a PostgreSQL role.

Password was never set

The role was created with NOLOGIN or without a password.

pg_hba.conf requires md5 but password is scram-sha-256

Authentication method mismatch between pg_hba.conf and the stored password hash.

How to Fix It

Step 1: Reset the password

Connect as the postgres superuser and set a new password for the failing role.

-- Connect as superuser (postgres):
sudo -u postgres psql

-- Reset the password:
ALTER ROLE your_username WITH PASSWORD 'new_password';

Step 2: Check if the role exists

Verify the role exists and has LOGIN permission (rolcanlogin = true).

-- List all roles:
\du

-- Or query:
SELECT rolname, rolcanlogin FROM pg_roles;

Step 3: Create the role if missing

Create a new role with login ability and grant access to the target database.

CREATE ROLE your_username WITH LOGIN PASSWORD 'your_password';
GRANT ALL PRIVILEGES ON DATABASE your_db TO your_username;

Step 4: Check pg_hba.conf authentication method

pg_hba.conf controls how PostgreSQL authenticates connections. Make sure the method matches your setup.

-- Find pg_hba.conf location:
SHOW hba_file;

-- Edit the file and ensure the line matches:
# TYPE  DATABASE  USER      ADDRESS       METHOD
host    all       all       127.0.0.1/32  scram-sha-256

-- Reload config after changes:
SELECT pg_reload_conf();

How to Prevent This Error

Store database passwords in environment variables or a secrets manager. Document all database roles and their purposes. Use scram-sha-256 (PostgreSQL 10+) instead of md5 for better security.

Fix PostgreSQL Errors with AI2SQL

Instead of debugging SQL syntax manually, describe what you need in plain English and let AI2SQL generate the correct query for PostgreSQL.

Try AI2SQL Free

No credit card required

Frequently Asked Questions

What does PostgreSQL Error 28P01 mean?

It means the password you provided doesn't match what PostgreSQL has stored for that user. Either the password is wrong, the user doesn't exist, or the authentication method is misconfigured.

How do I reset a PostgreSQL password?

Connect as the postgres superuser: sudo -u postgres psql. Then run: ALTER ROLE username WITH PASSWORD 'newpassword';

What is pg_hba.conf?

pg_hba.conf (Host-Based Authentication) is the PostgreSQL config file that controls which users can connect from which hosts using which authentication methods.

Stop Debugging SQL Errors Manually

Describe what you need in plain English. AI2SQL generates correct PostgreSQL queries instantly.

Try AI2SQL Free

No credit card required