mysql (mariadb) ERROR 1698 (28000): Access denied for user 'root'@'localhost'

You need to reset the password. so for that

sudo mysql -u root
use mysql;
update user set plugin='' where User='root';
flush privileges;
exit;

The idea with the new set-up is that you shouldn't be using passwords at all. See UNIX_SOCKET Authentication Plugin for details.

What's especially relevant is the contents of /usr/share/doc/mariadb-server-10.0/README.Debian.gz on Ubuntu 16.04:

On new installs no root password is set and no debian-sys-maint user is created anymore. Instead the MariaDB root account is set to be authenticated using the unix socket, e.g. any mysqld invocation by root or via sudo will let the user see the mysqld prompt.

You may never ever delete the mysql user "root". Although it has no password is set, the unix_auth plugin ensure that it can only be run locally as the root user.

The credentials in /etc/mysql/debian.cnf specify the user which is used by the init scripts to stop the server and perform logrotation. This used to be the debian-sys-maint user which is no longer used as root can run directly.

So if you disable that plug-in for root and set a password, the daily cron job will break as it's assuming it will log in as root without a password, but with the plug-in.

Later it says:

Scripts should run as a user have have the required grants and be identified via unix_socket.

So it looks like passwords should no longer be used by applications.

I did it by running this command, right after installation:

$ sudo mysql_secure_installation

At first step, password is blank, so just press Enter.

I solved the problem following the answer from this post:

Can't reset MySQL (MariaDB) root password

One has to change the plugin field of mysql.user for all roots to a blank string.