As documented under PASSWORD()
:
Note
The
PASSWORD()
function is used by the authentication system in MySQL Server; you should not use it in your own applications. For that purpose, considerMD5()
orSHA2()
instead. Also see RFC 2195, section 2 (Challenge-Response Authentication Mechanism (CRAM)), for more information about handling passwords and authentication securely in your applications.
Also, if you're rolling your own authentication system (which I'd strongly discourage), you really should read both The definitive guide to form based website authentication and Secure hash and salt for PHP passwords.