Admin auth: password issue

I have node-red 4.0.9 running as a service using nssm, I set up the password using node-red-admin hash-pw. After a few days it seems that the password was changed automatically and I had to reset the password in settings.js again

Is this an issue or some setting that can be changed?

No, there is no way the password will change on it's own. The only way the password will change is if the settings.js file is edited.

If your Node-RED instance is exposed to the internet please make sure the username and password you pick are not trivially guessed (e.g. probably don't use "admin" as a username).

I would also double check all the tabs in your flows, especially scroll down and to the right to check nothing has been added.

1 Like

As Ben implies, if you have connected this instance of Node-RED (or the device that runs it) to the Internet, please disconnect immediately.

There is lots of information in this forum on connecting Node-RED to the Internet relatively safely. If your device or Node-RED instance has been compromised, you may need to reset everything and change passwords before continuing.