Just noticed that Cloudflare now has a new service called "Access". This lets you apply a login layer using Cloudflare's servers rather than your own.
It is actually free for 5 users - that's not all that clear from their site and you do have to register either a credit card or PayPal even for free use. You can choose either of the 2 tiers, they are both completely free as long as you don't register more than 5 users.
I'm going to try this as soon as I get some time as it looks like a neat way to get secured access to Node-RED (at home lets say or on a VPS) without having to mess with security locally.
You do, of course, have to make sure that nobody can reach your Node-RED service except through Cloudflare so you need some kind of firewall in front of your service.
Thought I would let people know in case you are interested.