The most basic method is to use psql. The \password command will prompt you once for a new password and again to confirm. Connect to psql and type the following:

\password

Enter a new password. This causes psql to send a SQL statement to the PostgreSQL server, which contains an already encrypted password string. An example of the SQL statement sent, is as follows:

ALTER USER postgres PASSWORD ' md53175bce1d3201d16594cebf9d7eb3f9d';

Whatever you do, don't use postgres as your password. This will make you vulnerable to idle hackers, so make it a little more difficult than that, please!

Make sure you don't forget your password either. It may prove difficult to maintain your database if you can't get access to it later.

As changing the password is just a SQL statement, any interface can do this. Other tools also allow this, such as the following:

If you don't use one of the main routes to change the password, you can still do this yourself using SQL from any interface. Note that you need to encrypt your password because if you do submit a password in plain text, like the following, then it will be shipped to the server in plain text:

ALTER USER myuser PASSWORD 'secret'

Luckily the password in this case will still be stored in an encrypted form. It will also be recorded in plain text in psql's history file, as well as in any server and application logs, depending on the actual log-level settings.

PostgreSQL doesn't enforce a password change cycle, so you may wish to use more advanced authentication mechanisms such as GSSAPI, SSPI, LDAP, RADIUS, and so on.