diff --git a/.env.sample b/.env.sample
index 348d121..63ffb04 100644
--- a/.env.sample
+++ b/.env.sample
@@ -15,4 +15,8 @@ MATRIX_USER=
 MATRIX_TOKEN=
 
 # The bot set this as its display name (Default: Timetable V2)
-MATRIX_DISPLAYNAME=
\ No newline at end of file
+MATRIX_DISPLAYNAME=
+
+# If set, this password must be used with the "login" command
+# to be able to use this bot
+AUTH_PASSWORD=
\ No newline at end of file
diff --git a/index.js b/index.js
index 1ad7dc4..f71d6c0 100644
--- a/index.js
+++ b/index.js
@@ -6,6 +6,8 @@ import "dotenv/config";
 import { JsonDB, Config } from "node-json-db";
 import { TimetableClient } from "./timetable.js";
 
+const authPassword = process.env.AUTH_PASSWORD;
+
 const db = new JsonDB(new Config("data/data", true, true, "/"));
 const timetable = new TimetableClient(
   process.env.TIMETABLE_ENDPOINT,
@@ -148,6 +150,34 @@ client.on("Room.timeline", async function (event, room) {
     return;
   }
 
+  if (
+    !(await db.getObjectDefault(`/authStatus/${room.roomId}`, false)) &&
+    authPassword
+  ) {
+    if (!event.event.content.body.startsWith("login")) {
+      const response =
+        "🔐 Not authenticated! Use <code>login [password]</code> to login";
+      client.sendHtmlMessage(room.roomId, plainText(response), response);
+      return;
+    }
+
+    if (event.event.content.body.split("login ")[1] == authPassword) {
+      await db.push(`/authStatus/${room.roomId}`, true);
+      client.sendTextMessage(room.roomId, "🔑 This room is now authenticated");
+      client
+        .redactEvent(room.roomId, event.event.event_id, undefined, {
+          reason: "Redacted login password",
+        })
+        .catch((e) => {
+          console.warn("Could not redact password in " + room.roomId);
+        });
+      return;
+    } else {
+      client.sendTextMessage(room.roomId, "❌ Invalid password");
+      return;
+    }
+  }
+
   try {
     if (event.getType() === "m.room.message") {
       await handleMessage(event, room.roomId);
@@ -195,6 +225,7 @@ async function handleMessage(event, room) {
 <li> <code>timetable</code>: Set your timetable</li>
 <li> <code>groups</code>: Configure your timetable groups <i>[Not implemented yet]</i></li>
 <li> <code>reset</code>: Reset the configuration for this room</li>
+<li> <code>logout</code>: Logout and reset the configuration for room</li>
 `;
       client.sendHtmlMessage(room, plainText(helpMessage), helpMessage);
     } else if (body == "info") {
@@ -264,6 +295,11 @@ async function handleMessage(event, room) {
       await db.delete(`/rooms/${room}`);
       const response = "⚠ The configuration for this room was reset!";
       client.sendHtmlMessage(room, plainText(response), response);
+    } else if (body == "logout") {
+      await db.delete(`/rooms/${room}`);
+      await db.delete(`/authStatus/${room}`);
+      const response = "🔐 This room was logged out!";
+      client.sendHtmlMessage(room, plainText(response), response);
     } else {
       const response =
         "Unknown command! Type <code>help</code> for a list of valid commands";