diff --git a/node/db/SecurityManager.js b/node/db/SecurityManager.js
index fa7780dc3..c7d98a58b 100644
--- a/node/db/SecurityManager.js
+++ b/node/db/SecurityManager.js
@@ -217,7 +217,6 @@ exports.checkAccess = function (padID, sessionID, token, password, callback)
         else if(!isPublic)
         {
           //--> deny access
-          console.log("not public");
           statusObject = {accessStatus: "deny"};
         }
         else
@@ -228,9 +227,8 @@ exports.checkAccess = function (padID, sessionID, token, password, callback)
       // there is no valid session avaiable AND pad doesn't exists
       else
       {
-         //--> deny access
-         console.log("imaginary pad");
-         statusObject = {accessStatus: "deny"};
+         //grant access so he pad can be generated
+         statusObject = {accessStatus: "grant", authorID: tokenAuthor};
       }
       
       callback();
diff --git a/node/handler/PadMessageHandler.js b/node/handler/PadMessageHandler.js
index 56e6de873..7aa1238e8 100644
--- a/node/handler/PadMessageHandler.js
+++ b/node/handler/PadMessageHandler.js
@@ -190,6 +190,12 @@ exports.handleMessage = function(client, message)
   {
     handleSuggestUserName(client, message);
   }
+  else if(message.type == "COLLABROOM" && 
+          message.data.type == "CLIENT_MESSAGE" &&
+          message.data.payload.type == "setPassword")
+  {
+    handleSetPadPassword(client, message);
+  }
   //if the message type is unkown, throw an exception
   else
   {
@@ -294,6 +300,13 @@ function handleSuggestUserName(client, message)
   }
 }
 
+function handleSetPadPassword(client, message){
+  var padId = session2pad[client.id];
+  padManager.getPad(padId, function(err, value){
+    value.setPassword(message.data.payload.password);
+  });
+}
+
 /**
  * Handles a USERINFO_UPDATE, that means that a user have changed his color or name. Anyway, we get both informations
  * @param client the client that send this message
diff --git a/static/css/pad.css b/static/css/pad.css
index 3d170c3dd..bdab50409 100644
--- a/static/css/pad.css
+++ b/static/css/pad.css
@@ -769,7 +769,7 @@ a#topbarmaximize {
  width: 100%;
 }
 
-#embed, #readonly {
+#embed, #readonly, #setpassword {
 display:none;
 position:absolute;
 top:40px;
@@ -1146,4 +1146,4 @@ width:33px !important;
   #editbar ul li {
     padding: 4px 1px;
   }
-}
\ No newline at end of file
+}
diff --git a/static/index.html b/static/index.html
index 1c35e3852..09b4b2164 100644
--- a/static/index.html
+++ b/static/index.html
@@ -69,7 +69,7 @@
               font-weight: bold;
               font-size: 15px
             }
-            input[type="text"], input[type="password"] {
+            input[type="text"] {
               width: 243px;
               padding: 10px 47px 10px 10px;
               background: #fff;
@@ -78,13 +78,7 @@
               border-radius: 3px;
               text-shadow: 0 0 1px #fff
             }
-			#usepwlabel {
-			  display: inline;
-			}
-			#usePasswordContainer {
-			  margin: 10px 0 5px 0
-			}
-			input[type="submit"] {
+            input[type="submit"] {
               width: 45px;
               margin-left: -50px;
               padding: 8px
@@ -100,8 +94,6 @@
             <form action="#" onsubmit="go2Name();return false;"> 
                     <input type="text" id="padname" autofocus/> 
 					<input type="submit" value="OK"/><br/>
-					<div id="usePasswordContainer"><input type="checkbox" id="usePassword" onclick="updatePasswordField()"/><label for="usePassword"><div id="usepwlabel">Use password</div></label></div>
-					<div id="passwordFieldContainer"><input type="password" id="passwordField"/></div>
             </form> 
         </div> 
         <script> 
@@ -109,20 +101,7 @@
             {
                 var padname = $("#padname").val();
 				if(padname.length > 0){
-					if($("#passwordField").val().length>0)
-					{
-						$.get("api/1/createPad", {apikey: "o8PJ496RtbcwoMQGgDyjoOmyq5wJ8dON", padID: padname}, function(data){
-							$.get("api/1/setPassword", {apikey: "o8PJ496RtbcwoMQGgDyjoOmyq5wJ8dON", padID: padname, password: $("#passwordField").val()}, function(data){
-								window.location = "p/" + padname;
-							});
-						});
-					}
-					else
-					{
-						$.get("api/1/createPad", {apikey: "o8PJ496RtbcwoMQGgDyjoOmyq5wJ8dON", padID: padname}, function(data){
-              window.location = "p/" + padname;
-            });
-					}
+            window.location = "p/" + padname;
 				}
 				else
 				{
@@ -146,18 +125,6 @@
                 }
                 return randomstring;
 			}
-
-			function updatePasswordField()
-			{
-				if($("#usePassword:checked").val()){
-					$("#passwordFieldContainer").css("display", "block");
-				}
-				else
-				{
-					$("#passwordFieldContainer").css("display", "none");
-				}
-			}
-			updatePasswordField();
             if(typeof customStart == "function") customStart();
         </script> 
 </html>
diff --git a/static/js/ace2_inner.js b/static/js/ace2_inner.js
index 1575fc9ad..7b136f1e5 100644
--- a/static/js/ace2_inner.js
+++ b/static/js/ace2_inner.js
@@ -3471,7 +3471,7 @@ function OUTER(gscope)
   function handleClick(evt)
   {
     //hide the dropdowns
-    window.top.padeditbar.toogleDropDown("none");
+    window.top.padeditbar.toggleDropDown("none");
   
     inCallStack("handleClick", function()
     {
diff --git a/static/js/pad2.js b/static/js/pad2.js
index 568b34568..8534d6d84 100644
--- a/static/js/pad2.js
+++ b/static/js/pad2.js
@@ -51,6 +51,11 @@ function createCookie(name, value, days, path)
   document.cookie = name + "=" + value + expires + "; path=" + path;
 }
 
+function setPassword(){
+  console.log("setting password");
+  pad.setPassword($("#setpasswordfield").val());
+}
+
 function readCookie(name)
 {
   var nameEQ = name + "=";
@@ -489,6 +494,13 @@ var pad = {
       changedBy: pad.myUserInfo.name || "unnamed"
     });
   },
+  setPassword: function(newPassword){
+    pad.collabClient.sendClientMessage(
+    {
+      type: "setPassword",
+      password: newPassword
+    });
+  },
   changeViewOption: function(key, value)
   {
     var options = {
diff --git a/static/js/pad_editbar.js b/static/js/pad_editbar.js
index ae1090687..253f2884d 100644
--- a/static/js/pad_editbar.js
+++ b/static/js/pad_editbar.js
@@ -96,18 +96,18 @@ var padeditbar = (function()
       {
         if(cmd == "showusers")
         {
-          self.toogleDropDown("users");
+          self.toggleDropDown("users");
         }
         else if (cmd == 'embed')
         {  
           var padurl = window.location.href.split("?")[0];
           $('#embedinput').val("<iframe src='" + padurl + "?showControls=true&showChat=true&showLineNumbers=true&useMonospaceFont=false' width=600 height=400>");
-          self.toogleDropDown("embed");
+          self.toggleDropDown("embed");
           $('#embedinput').focus().select();
         }
         else if (cmd == 'import_export')
         {
-	      self.toogleDropDown("importexport");
+	      self.toggleDropDown("importexport");
         }
 
         else if (cmd == 'readonly')
@@ -116,13 +116,16 @@ var padeditbar = (function()
           var readonlyLink = basePath + "/ro/" + clientVars.readOnlyId;
           $('#readonlyImage').attr("src","https://chart.googleapis.com/chart?chs=200x200&cht=qr&chld=H|0&chl=" + readonlyLink);
           $('#readonlyInput').val(readonlyLink);
-          self.toogleDropDown("readonly");
+          self.toggleDropDown("readonly");
           $('#readonlyInput').focus().select();
         }
         else if (cmd == 'save')
         {
           padsavedrevs.saveNow();
         }
+        else if (cmd == 'password'){
+          self.toggleDropDown("setpassword");
+        }
         else
         {
           padeditor.ace.callWithAce(function(ace)
@@ -162,9 +165,9 @@ var padeditbar = (function()
       }
       padeditor.ace.focus();
     },
-    toogleDropDown: function(moduleName)
+    toggleDropDown: function(moduleName)
     {
-      var modules = ["embed", "users", "readonly", "importexport"];
+      var modules = ["embed", "users", "readonly", "importexport", "setpassword"];
       
       //hide all modules
       if(moduleName == "none")
diff --git a/static/pad.html b/static/pad.html
index 86da0f8c8..aea55a62e 100644
--- a/static/pad.html
+++ b/static/pad.html
@@ -96,6 +96,11 @@
     <div class="buttonicon" style="background-position:0px -18px"></div>
   </a>
 </li>
+<li onClick="window.pad&&pad.editbarClick('password');return false;" >
+  <a id="setpasswordlink" title="Set the password of this pad">
+    <div class="buttonicon" style="background-position:0px -18px"></div>
+  </a>
+</li>
 <li class="separator"></li>
 <li id="timesliderlink" onClick="document.location = document.location.pathname+ '/timeslider'">
   <a title="Show the history of this pad">
@@ -178,6 +183,15 @@
 
 </div>
 
+<!-- password setting code -->
+
+<div id="setpassword">
+  <form id="setpasswordform" action="">
+    <input type="password" id="setpasswordfield">
+    <input type="submit" value="Set" id="setpasswordsubmit" onClick="setPassword()">
+  </form>
+</div>
+
 <!-- import export code -->
 <div id="importexport">