diff --git a/doc/EN/app_tahoelafs.org b/doc/EN/app_tahoelafs.org
index 25a8e1c4..fe13fbea 100644
--- a/doc/EN/app_tahoelafs.org
+++ b/doc/EN/app_tahoelafs.org
@@ -30,9 +30,9 @@ Using cursor keys, space bar and Enter key select *Administrator controls* and t
 Select *Add/Remove Apps* then *tahoelafs*. This system is entirely based upon use of onion addresses and so no other demaon names are needed.
 
 * Initial setup
-Go to the *About* screen on the *Administrator control panel* and look for the onion address for *tahoelafs* within the list of domains. Enter that into a Tor compatible browser. You can then use the interface to upload files and obtain URLs for them.
+Get the login password for your Tahoe-LAFS system by going to *Passwords* on the *Administrator control panel* and selecting *tahoelafs*.
 
-The URL contains the public key needed to decrypt the file. Make a copy of it and then store it somewhere safe, because it won't be stored anywhere else by default and having the URL is the only way to retrieve your file.
+Go to the *About* screen on the *Administrator control panel* and look for the onion address for *tahoelafs* within the list of domains. Enter that into a Tor compatible browser. along with your username and the tahoelafs password. You can then use the interface to upload files and obtain URLs for them. The URL contains the public key needed to decrypt the file.
 
 * Adding more servers
 You can add more servers to the system to increase its storage capacity. In a typical Tahoe-LAFS new data storage servers are automatically discovered via an introducer node, but that creates a single centralised point of failure. The installation on Freedombone has no introducer node and so details for the servers of your friends need to be entered manually.
diff --git a/src/freedombone-app-tahoelafs b/src/freedombone-app-tahoelafs
index 9635e1fa..4ce986c2 100755
--- a/src/freedombone-app-tahoelafs
+++ b/src/freedombone-app-tahoelafs
@@ -15,7 +15,7 @@
 # License
 # =======
 #
-# Copyright (C) 2016-2017 Bob Mottram <bob@freedombone.net>
+# Copyright (C) 2014-2017 Bob Mottram <bob@freedombone.net>
 #
 # This program is free software: you can redistribute it and/or modify
 # it under the terms of the GNU Affero General Public License as published by
@@ -58,6 +58,40 @@ tahoelafs_variables=(ONION_ONLY
                      TAHOELAFS_SHARES_HAPPY
                      TAHOELAFS_SHARES_TOTAL)
 
+function add_user_tahoelafs {
+    if [[ $(app_is_installed tahoelafs) == "0" ]]; then
+        echo '0'
+        return
+    fi
+
+    new_username="$1"
+    new_user_password="$2"
+    ${PROJECT_NAME}-pass -u $new_username -a tahoelafs -p "$new_user_password"
+    if grep "${new_username}:" /etc/nginx/.htpasswd-tahoelafs; then
+        sed -i '/${new_username}:/d' /etc/nginx/.htpasswd-tahoelafs
+    fi
+    echo "${new_user_password}" | htpasswd -i -s /etc/nginx/.htpasswd-tahoelafs ${new_username}
+    echo '0'
+}
+
+function remove_user_tahoelafs {
+    remove_username="$1"
+    ${PROJECT_NAME}-pass -u $remove_username --rmapp tahoelafs
+    if grep "${remove_username}:" /etc/nginx/.htpasswd-tahoelafs; then
+        sed -i '/${remove_username}:/d' /etc/nginx/.htpasswd-tahoelafs
+    fi
+}
+
+function change_password_tahoelafs {
+    change_username="$1"
+    change_password="$2"
+    ${PROJECT_NAME}-pass -u $change_username -a tahoelafs -p "$change_password"
+    if grep "${change_username}:" /etc/nginx/.htpasswd-tahoelafs; then
+        sed -i '/tahoe-${change_username}:/d' /etc/nginx/.htpasswd-tahoelafs
+    fi
+    echo "${change_password}" | htpasswd -i -s /etc/nginx/.htpasswd-tahoelafs ${change_username}
+}
+
 function add_tahoelafs_storage_node_interactive {
     data=$(tempfile 2>/dev/null)
     trap "rm -f $data" 0 1 2 5 15
@@ -350,6 +384,9 @@ function remove_tahoelafs {
         rm -rf /home/tahoelafs
     fi
     remove_app tahoelafs
+    if [ -f /etc/nginx/.htpasswd-tahoelafs ]; then
+        shred -zu /etc/nginx/.htpasswd-tahoelafs
+    fi
     systemctl reload tor
 }
 
@@ -566,6 +603,8 @@ function create_tahoelafs_web {
     echo "  root /var/www/tahoelafs/htdocs;" >> $tahoelafs_nginx_site
     echo '' >> $tahoelafs_nginx_site
     echo '  location / {' >> $tahoelafs_nginx_site
+    echo "    # auth_basic \"${TAHOELAFS_LOGIN_TEXT}\";" >> $tahoelafs_nginx_site
+    echo '    # auth_basic_user_file /etc/nginx/.htpasswd-tahoelafs;' >> $tahoelafs_nginx_site
     function_check nginx_limits
     nginx_limits tahoelafs '15m'
     echo '    rewrite /(.*) /$1 break;' >> $tahoelafs_nginx_site
@@ -578,6 +617,16 @@ function create_tahoelafs_web {
     echo '  }' >> $tahoelafs_nginx_site
     echo '}' >> $tahoelafs_nginx_site
 
+    TAHOELAFS_ADMIN_PASSWORD="$(create_password ${MINIMUM_PASSWORD_LENGTH})"
+    ${PROJECT_NAME}-pass -u $MY_USERNAME -a tahoelafs -p "$TAHOELAFS_ADMIN_PASSWORD"
+    if [ ! -f /etc/nginx/.htpasswd-tahoelafs ]; then
+        touch /etc/nginx/.htpasswd-tahoelafs
+    fi
+    if grep "${MY_USERNAME}:" /etc/nginx/.htpasswd-tahoelafs; then
+        sed -i '/${MY_USERNAME}:/d' /etc/nginx/.htpasswd-tahoelafs
+    fi
+    echo "${TAHOELAFS_ADMIN_PASSWORD}" | htpasswd -i -s /etc/nginx/.htpasswd-tahoelafs ${MY_USERNAME}
+
     function_check nginx_ensite
     nginx_ensite tahoelafs
     systemctl reload nginx
diff --git a/website/EN/app_tahoelafs.html b/website/EN/app_tahoelafs.html
index b32c03a6..7afb4109 100644
--- a/website/EN/app_tahoelafs.html
+++ b/website/EN/app_tahoelafs.html
@@ -3,7 +3,7 @@
 "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml" lang="en" xml:lang="en">
 <head>
-<!-- 2017-03-09 Thu 19:21 -->
+<!-- 2017-03-09 Thu 22:39 -->
 <meta http-equiv="Content-Type" content="text/html;charset=utf-8" />
 <meta name="viewport" content="width=device-width, initial-scale=1" />
 <title></title>
@@ -251,9 +251,9 @@ for the JavaScript code in this tag.
 This is a robust system for encrypted file storage on one or more server. Files are accessed via a URL which contains the public key with which it was encrypted.
 </p>
 
-<div id="outline-container-org820575c" class="outline-2">
-<h2 id="org820575c">Installation</h2>
-<div class="outline-text-2" id="text-org820575c">
+<div id="outline-container-org852db43" class="outline-2">
+<h2 id="org852db43">Installation</h2>
+<div class="outline-text-2" id="text-org852db43">
 <p>
 Log into your system with:
 </p>
@@ -273,22 +273,22 @@ Select <b>Add/Remove Apps</b> then <b>tahoelafs</b>. This system is entirely bas
 </div>
 </div>
 
-<div id="outline-container-org4af4c28" class="outline-2">
-<h2 id="org4af4c28">Initial setup</h2>
-<div class="outline-text-2" id="text-org4af4c28">
+<div id="outline-container-org11f3747" class="outline-2">
+<h2 id="org11f3747">Initial setup</h2>
+<div class="outline-text-2" id="text-org11f3747">
 <p>
-Go to the <b>About</b> screen on the <b>Administrator control panel</b> and look for the onion address for <b>tahoelafs</b> within the list of domains. Enter that into a Tor compatible browser. You can then use the interface to upload files and obtain URLs for them.
+Get the login password for your Tahoe-LAFS system by going to <b>Passwords</b> on the <b>Administrator control panel</b> and selecting <b>tahoelafs</b>.
 </p>
 
 <p>
-The URL contains the public key needed to decrypt the file. Make a copy of it and then store it somewhere safe, because it won't be stored anywhere else by default and having the URL is the only way to retrieve your file.
+Go to the <b>About</b> screen on the <b>Administrator control panel</b> and look for the onion address for <b>tahoelafs</b> within the list of domains. Enter that into a Tor compatible browser. along with your username and the tahoelafs password. You can then use the interface to upload files and obtain URLs for them. The URL contains the public key needed to decrypt the file.
 </p>
 </div>
 </div>
 
-<div id="outline-container-org0225e9a" class="outline-2">
-<h2 id="org0225e9a">Adding more servers</h2>
-<div class="outline-text-2" id="text-org0225e9a">
+<div id="outline-container-org2810eb5" class="outline-2">
+<h2 id="org2810eb5">Adding more servers</h2>
+<div class="outline-text-2" id="text-org2810eb5">
 <p>
 You can add more servers to the system to increase its storage capacity. In a typical Tahoe-LAFS new data storage servers are automatically discovered via an introducer node, but that creates a single centralised point of failure. The installation on Freedombone has no introducer node and so details for the servers of your friends need to be entered manually.
 </p>