After setting root password why does MYSQL still allow me to login without a password?
Looks like the password is set on the 'root'@'localhost'
user entry, but not on the 'root'@'%'
entry; password-free authentication would be allowed based on that.
For security purposes, reconsider allowing root access from anywhere. If you do need it, then just get rid of the localhost specifications:
drop user 'root'@'localhost';
drop user 'root'@'127.0.0.1';
drop user 'root'@'::1';
And set the password for the 'root'@'%'
user:
set password for 'root'@'%' = password('passwordhere');
Well, the answer is right in that table - you need to remove the "root" lines that have no password listed.
Also, looks like you allow connections from anywhere (?!?!) when using no user or pass. Probably a bad idea. I'd do something like:
mysql> use mysql;
mysql> delete from user where password = "";