# Change passwords
**POST /_security/user/{username}/_password**
**All methods and paths for this operation:**
PUT
/_security/user/_password
POST
/_security/user/_password
PUT
/_security/user/{username}/_password
POST
/_security/user/{username}/_password
Change the passwords of users in the native realm and built-in users.
## Servers
- http://api.example.com: http://api.example.com ()
## Authentication methods
- Api key auth
- Basic auth
- Bearer auth
## Parameters
### Path parameters
- **username** (string)
The user whose password you want to change. If you do not specify this
parameter, the password is changed for the current user.
### Query parameters
- **refresh** (string)
If `true` (the default) then refresh the affected shards to make this operation visible to search, if `wait_for` then wait for a refresh to make this operation visible to search, if `false` then do nothing with refreshes.
### Body: application/json (object)
- **password** (string)
The new password value. Passwords must be at least 6 characters long.
- **password_hash** (string)
A hash of the new password value. This must be produced using the same
hashing algorithm as has been configured for password storage. For more details,
see the explanation of the `xpack.security.authc.password_hashing.algorithm`
setting.
## Responses
### 200
#### Body: application/json (object)
object
[Powered by Bump.sh](https://bump.sh)