diff --git a/minetest.conf.example b/minetest.conf.example
index 7a8a2719c..ebfa70aac 100644
--- a/minetest.conf.example
+++ b/minetest.conf.example
@@ -152,6 +152,8 @@
 #enable_pvp = true
 # If this is set, players will always (re)spawn at the given position
 #static_spawnpoint = 0, 10, 0
+# If true, new players cannot join with an empty password
+#disallow_empty_password = false
 
 # Profiler data print interval. #0 = disable.
 #profiler_print_interval = 0
diff --git a/src/defaultsettings.cpp b/src/defaultsettings.cpp
index f13ab3670..13cfab72b 100644
--- a/src/defaultsettings.cpp
+++ b/src/defaultsettings.cpp
@@ -119,6 +119,7 @@ void set_default_settings(Settings *settings)
 	settings->setDefault("default_privs", "interact, shout");
 	settings->setDefault("unlimited_player_transfer_distance", "true");
 	settings->setDefault("enable_pvp", "true");
+	settings->setDefault("disallow_empty_password", "false");
 
 	settings->setDefault("profiler_print_interval", "0");
 	settings->setDefault("enable_mapgen_debug_info", "false");
diff --git a/src/server.cpp b/src/server.cpp
index 212be19ae..a7bd5e953 100644
--- a/src/server.cpp
+++ b/src/server.cpp
@@ -2089,41 +2089,50 @@ void Server::ProcessData(u8 *data, u32 datasize, u16 peer_id)
 				<<m_con.GetPeerAddress(peer_id).serializeString()<<std::endl;
 
 		// Get password
-		char password[PASSWORD_SIZE];
+		char given_password[PASSWORD_SIZE];
 		if(datasize < 2+1+PLAYERNAME_SIZE+PASSWORD_SIZE)
 		{
 			// old version - assume blank password
-			password[0] = 0;
+			given_password[0] = 0;
 		}
 		else
 		{
 			for(u32 i=0; i<PASSWORD_SIZE-1; i++)
 			{
-				password[i] = data[23+i];
+				given_password[i] = data[23+i];
 			}
-			password[PASSWORD_SIZE-1] = 0;
+			given_password[PASSWORD_SIZE-1] = 0;
 		}
 
-		if(!base64_is_valid(password)){
-			infostream<<"Server: "<<playername<<" supplied invalid password hash"<<std::endl;
+		if(!base64_is_valid(given_password)){
+			infostream<<"Server: "<<playername
+					<<" supplied invalid password hash"<<std::endl;
 			SendAccessDenied(m_con, peer_id, L"Invalid password hash");
 			return;
 		}
 		
-		std::string checkpwd;
+		std::string checkpwd; // Password hash to check against
 		bool has_auth = scriptapi_get_auth(m_lua, playername, &checkpwd, NULL);
 		
+		// If no authentication info exists for user, create it
 		if(!has_auth){
+			if(!isSingleplayer() &&
+					g_settings->getBool("disallow_empty_password") &&
+					std::string(given_password) == ""){
+				SendAccessDenied(m_con, peer_id, L"Empty passwords are "
+						L"disallowed. Set a password and try again.");
+				return;
+			}
 			std::wstring raw_default_password =
 				narrow_to_wide(g_settings->get("default_password"));
-			std::string use_password =
+			std::string initial_password =
 				translatePassword(playername, raw_default_password);
 
 			// If default_password is empty, allow any initial password
 			if (raw_default_password.length() == 0)
-				use_password = password;
+				initial_password = given_password;
 
-			scriptapi_create_auth(m_lua, playername, use_password);
+			scriptapi_create_auth(m_lua, playername, initial_password);
 		}
 		
 		has_auth = scriptapi_get_auth(m_lua, playername, &checkpwd, NULL);
@@ -2133,7 +2142,7 @@ void Server::ProcessData(u8 *data, u32 datasize, u16 peer_id)
 			return;
 		}
 
-		if(password != checkpwd){
+		if(given_password != checkpwd){
 			infostream<<"Server: peer_id="<<peer_id
 					<<": supplied invalid password for "
 					<<playername<<std::endl;