diff --git a/src/node/hooks/express/webaccess.js b/src/node/hooks/express/webaccess.js
index 81ed69b07..e0a5bd084 100644
--- a/src/node/hooks/express/webaccess.js
+++ b/src/node/hooks/express/webaccess.js
@@ -149,7 +149,10 @@ const checkAccess = async (req, res, next) => {
   if (!(await aCallFirst0('authenticate', ctx))) {
     // Fall back to HTTP basic auth.
     const {[ctx.username]: {password} = {}} = settings.users;
-    if (!httpBasicAuth || !ctx.username || password == null || password !== ctx.password) {
+
+    if (!httpBasicAuth ||
+        !ctx.username ||
+        password == null || password.toString() !== ctx.password) {
       httpLogger.info(`Failed authentication from IP ${req.ip}`);
       if (await aCallFirst0('authnFailure', {req, res})) return;
       if (await aCallFirst0('authFailure', {req, res, next})) return;