diff --git a/src/node/hooks/express/webaccess.js b/src/node/hooks/express/webaccess.js
index 48b5edae7..74f131451 100644
--- a/src/node/hooks/express/webaccess.js
+++ b/src/node/hooks/express/webaccess.js
@@ -24,8 +24,12 @@ exports.basicAuth = function (req, res, next) {
   // If a password has been set and auth headers are present...
   if (pass && req.headers.authorization && req.headers.authorization.search('Basic ') === 0) {
     // ...check login and password
-    if (new Buffer(req.headers.authorization.split(' ')[1], 'base64').toString() === pass) {
-      return next();
+    var userLogin = new Buffer(req.headers.authorization.split(' ')[1], 'base64').toString();
+    settings.readConfig();
+    for (var loginIndex in pass) {
+      if (userLogin === pass[loginIndex]) {
+        return next();
+      }
     }
   }
   // Do not require auth for static paths...this could be a bit brittle
diff --git a/src/node/utils/Settings.js b/src/node/utils/Settings.js
index 12fcc55c5..d44a363fe 100644
--- a/src/node/utils/Settings.js
+++ b/src/node/utils/Settings.js
@@ -103,6 +103,8 @@ exports.abiwordAvailable = function()
   }
 }
 
+exports.readConfig = function()
+{
 // Discover where the settings file lives
 var settingsFilename = argv.settings || "settings.json";
 if (settingsFilename.charAt(0) != '/') {
@@ -149,3 +151,6 @@ for(var i in settings)
     console.warn("This setting doesn't exist or it was removed");
   }
 }
+}
+
+exports.readConfig();