How Secure Is My Password?

How secure is using the MD5 hash with MySQL's PASSWORD() function?

Bikram Kashyap at Quora

Other answers

No. Using MD5 in the way you show doesn't help security at all. And you don't seem to be using a salt, which is even worse.

You shouldn't use MySQL's PASSWORD() function. That function was deprecated in MySQL 5.7.6 and it will be removed in a future version of MySQL. Even before MySQL 5.7, it was documented in the MySQL manual that the PASSWORD() function was for MySQL passwords only, not for your own application, or any other purpose. Even MySQL is moving away from that function.

SHA-256 is the current minimum strength cryptographic hashing function recommended for use with sensitive data such as passwords or digital signatures. SHA-256 has been supported as a built-in function in MySQL since version 5.5, released in 2010.

It's even better to use a key-stretching algorithm. A good example is https://en.wikipedia.org/wiki/Bcrypt.

Recommendations from other answers on this thread to use SHA1 are outdated. Don't use SHA1. See https://konklone.com/post/why-google-is-hurrying-the-web-to-kill-sha-1

Recommendations to use digits or punctuation characters are misguided. It's better to use a longer password based on pronounceable words. The following cartoon on https://xkcd.com/936/ illustrates why.

There are legitimate uses for weaker hashing functions like MD5 or SHA1. They're useful for calculating a quick hash string for your application's internal data, so you can compare it to the hash of some other copy of the data to see if the data has changed. It's an advantage that these simpler hashing algorithms are quick.

But these functions aren't good when you need secure cryptographic hashing.

Bill Karwin
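The salt and key-stretching advice in the answer above, as an added example that is not part of the original answer or page: it contrasts unsalted MD5 with a per-password random salt plus PBKDF2-HMAC-SHA256, which stands in for bcrypt here because it ships in Python's standard library. The function names, the record format and the iteration count are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Assumed work factor for illustration; tune it to your own hardware budget.
PBKDF2_ITERATIONS = 600_000


def md5_unsalted(password: str) -> str:
    """The scheme the question asks about: fast, unsalted, deterministic."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def hash_password(password: str, iterations: int = PBKDF2_ITERATIONS) -> str:
    """Return a record 'algo$iterations$salt_hex$key_hex' to store per user."""
    salt = os.urandom(16)  # fresh random salt for every password
    key = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return f"pbkdf2_sha256${iterations}${salt.hex()}${key.hex()}"


def verify_password(password: str, record: str) -> bool:
    """Recompute the key from the stored salt and compare in constant time."""
    try:
        algo, iter_s, salt_hex, key_hex = record.split("$")
        iterations = int(iter_s)
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(key_hex)
    except ValueError:
        return False  # malformed record: reject rather than raise
    if algo != "pbkdf2_sha256" or iterations < 1:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    pw = "correct horse battery staple"  # constructed sample password
    # Unsalted MD5: two users with the same password get the same hash,
    # so one precomputed lookup table covers every account.
    print(md5_unsalted(pw) == md5_unsalted(pw))  # True
    # Salted and stretched: same password, different records, and each
    # guess costs PBKDF2_ITERATIONS hash computations.
    rec_a, rec_b = hash_password(pw), hash_password(pw)
    print(rec_a != rec_b, verify_password(pw, rec_a), verify_password("guess", rec_a))
```

The salt is stored in the record only so that verification can recompute the same key; the stored value is never reversed back into the password.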

Nope, MD5 without a salt is not secure. If someone got your hashes, they can be easily brute-forced, or even a dictionary attack is feasible ... never ever just md5, use a salt as well: http://en.wikipedia.org/wiki/Salt_(cryptography)

Give this site an MD5 hash and see what happens: http://www.md5decrypt.org/

Do something like md5($password + salt) or even nested md5s, and save the salt as well so that you can decrypt later on.

Paresh Chouhan

The answer will depend upon the constraints imposed on the user in creating the password. As the others have suggested, it is a good idea to use a password salt, but it is not mandatory if you, as the owner of the site, impose sensible password guidelines.

In general, the following guidelines will help you generate a sufficiently secure password, regardless of whether or not you use a salt:

i. The password should be at least 12 characters;
ii. There are no known words in the password (use a dictionary to verify this);
iii. There are at least three uppercase letters in the password;
iv. There are at least three lowercase letters in the password;
v. There are at least three digits in the password;
vi. There are at least three special characters in the password;
vii. (iii.), (iv.), (v.) and (vi.) should alternate; that is, there should be no consecutive occurrences of any category (iii.), (iv.), (v.), (vi.).

Here's an example of such a password: Q7h#cY/3t%1L

Now, the last requirement will make choosing a password a bit taxing on your users, but it will definitely make the password secure enough that seeing an MD5 hash isn't going to do the hacker any good.

Chris W
