As there is an option to create password specifically to update IP - it's not a problem to use that plain password, but still would've been nice if everything worked as documented.

In the control panel, if you go into the Manage Credentials area, you can setup a password specifically for IP update different from your account password. You can also use either MD5 or SHA2-256 hash of the password if you don't want to specify it in plain text.

I'm using the official client for Ubuntu.
While plain password works fine, md5/sha256 hash always leads to Bad Authentication.

[ENGINE] Status Code: Bad Authentication
[ENGINE] IP address update aborted due to invalid credentials.