diff --git a/docs/rest-api.md b/docs/rest-api.md
index 535163da4..0508f83e4 100644
--- a/docs/rest-api.md
+++ b/docs/rest-api.md
@@ -24,6 +24,13 @@ Sample configuration:
 You can then access the API by going to `http://127.0.0.1:8080/api/v1/version` to check if the API is running correctly.
+To generate a secure password, either use a password manager, or use the below code snipped.
+
+ ``` python
+import secrets
+secrets.token_hex()
+ ```
+
 ### Configuration with docker
 If you run your bot using docker, you'll need to have the bot listen to incomming connections. The security is then handled by docker.
diff --git a/freqtrade/rpc/api_server.py b/freqtrade/rpc/api_server.py
index 14b15a3df..711202b27 100644
--- a/freqtrade/rpc/api_server.py
+++ b/freqtrade/rpc/api_server.py
@@ -106,6 +106,10 @@ class ApiServer(RPC):
 logger.warning("SECURITY WARNING - This is insecure please set to your loopback,"
 "e.g 127.0.0.1 in config.json")
+ if not self._config['api_server'].get('password'):
+ logger.warning("SECURITY WARNING - No password for local REST Server defined. " "Please make sure that this is intentional!")
+
+
 # Run the Server
 logger.info('Starting Local Rest Server.')
 try:
diff --git a/freqtrade/tests/rpc/test_rpc_apiserver.py b/freqtrade/tests/rpc/test_rpc_apiserver.py
index 4c3aea89a..b7721fd8e 100644
--- a/freqtrade/tests/rpc/test_rpc_apiserver.py
+++ b/freqtrade/tests/rpc/test_rpc_apiserver.py
@@ -156,7 +156,9 @@ def test_api_run(default_conf, mocker, caplog):
 server_mock.reset_mock()
 apiserver._config.update({"api_server": {"enabled": True,
 "listen_ip_address": "0.0.0.0",
- "listen_port": "8089"}})
+ "listen_port": "8089",
+ "password": "",
+ }})
 apiserver.run()
 assert server_mock.call_count == 1
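Review bot: The new password check in api_server.py fires independently of the bind-address check just above it, so the one combination that actually exposes an unauthenticated API — no password together with a non-loopback `listen_ip_address` — produces two generic warnings instead of one unambiguous message. Using `.get('password')` correctly treats a missing key and an empty string alike, but unlike the loopback warning, which names config.json, the new message does not say where to fix the problem. Consider `"SECURITY WARNING - No password for local REST Server defined. Set 'password' in the api_server section of config.json unless this is intentional!"` and escalating to `logger.error` when both conditions hold, so the dangerous case stands out in the log. The enclosing method starts and ends outside the hunk.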
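Review bot: The updated config in the test file's first hunk only exercises `"password": ""`, so the branch a config without any `password` key takes (`.get()` returning `None`) is never covered, even though a key that was simply never added is the more likely misconfiguration; the new `log_has` assertion in the following hunk therefore only sees the empty-string case. Add a second run with the key removed, e.g. `apiserver._config['api_server'].pop('password')` followed by `apiserver.run()` and the same assertion, or parametrize the test over both values. `test_api_run` starts outside the hunk.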
@@ -170,13 +172,15 @@ def test_api_run(default_conf, mocker, caplog):
 assert log_has("SECURITY WARNING - This is insecure please set to your loopback,"
 "e.g 127.0.0.1 in config.json", caplog.record_tuples)
+ assert log_has("SECURITY WARNING - No password for local REST Server defined. " "Please make sure that this is intentional!",
+ caplog.record_tuples)
 # Test crashing flask
 caplog.clear()
 mocker.patch('freqtrade.rpc.api_server.make_server',
 MagicMock(side_effect=Exception))
 apiserver.run()
- assert log_has("Api server failed to start.",
- caplog.record_tuples)
+ assert log_has("Api server failed to start.", caplog.record_tuples)
 def test_api_cleanup(default_conf, mocker, caplog):