diff --git a/config.yaml b/config.yaml
index dd61720..cef8e52 100644
--- a/config.yaml
+++ b/config.yaml
@@ -25,6 +25,11 @@ dashboard:
   # secret_path: super-secret-dashboard-path
   secret_path: null
 
+  # Password for accessing protected dashboard panels.
+  # If null, a random password will be generated and printed in the logs.
+  # Can also be set via KRAWL_DASHBOARD_PASSWORD env var.
+  password: null
+
 backups:
   path: "backups"
   cron: "*/30 * * * *"
diff --git a/src/config.py b/src/config.py
index cb46bf6..0d6d648 100644
--- a/src/config.py
+++ b/src/config.py
@@ -28,6 +28,7 @@ class Config:
     canary_token_url: Optional[str] = None
     canary_token_tries: int = 10
     dashboard_secret_path: str = None
+    dashboard_password: Optional[str] = None
     probability_error_codes: int = 0  # Percentage (0-100)
 
     # Crawl limiting settings - for legitimate vs malicious crawlers
@@ -176,6 +177,11 @@ class Config:
             if dashboard_path[:1] != "/":
                 dashboard_path = f"/{dashboard_path}"
 
+        # Handle dashboard_password - auto-generate if null/not set
+        dashboard_password = dashboard.get("password")
+        if dashboard_password is None:
+            dashboard_password = os.urandom(25).hex()
+
         return cls(
             port=server.get("port", 5000),
             delay=server.get("delay", 100),
@@ -196,6 +202,7 @@ class Config:
             canary_token_url=canary.get("token_url"),
             canary_token_tries=canary.get("token_tries", 10),
             dashboard_secret_path=dashboard_path,
+            dashboard_password=dashboard_password,
             probability_error_codes=behavior.get("probability_error_codes", 0),
             exports_path=exports.get("path", "exports"),
             backups_path=backups.get("path", "backups"),