diff --git a/core/modules/server/routes/get-status.js b/core/modules/server/routes/get-status.js
index b026b5f47..dd0f76c87 100644
--- a/core/modules/server/routes/get-status.js
+++ b/core/modules/server/routes/get-status.js
@@ -19,7 +19,7 @@ exports.path = /^\/status$/;
 exports.handler = function(request,response,state) {
 	response.writeHead(200, {"Content-Type": "application/json"});
 	var text = JSON.stringify({
-		username: state.authenticatedUsername,
+		username: state.authenticatedUsername || state.server.get("username") || "",
 		space: {
 			recipe: "default"
 		},
diff --git a/core/modules/server/server.js b/core/modules/server/server.js
index 4a30a104a..ab7f528e6 100644
--- a/core/modules/server/server.js
+++ b/core/modules/server/server.js
@@ -43,9 +43,10 @@ function Server(options) {
 	}
 	$tw.utils.extend({},this.defaultVariables,options.variables);
 	// Initialise authorization
+	var authorizedUserName = (this.get("username") && this.get("password")) ? this.get("username") : "(anon)";
 	this.authorizationPrincipals = {
-		readers: (this.get("readers") || this.get("username") || "(anon)").split(",").map($tw.utils.trim),
-		writers: (this.get("writers") || this.get("username") || "(anon)").split(",").map($tw.utils.trim)
+		readers: (this.get("readers") || authorizedUserName).split(",").map($tw.utils.trim),
+		writers: (this.get("writers") || authorizedUserName).split(",").map($tw.utils.trim)
 	}
 	// Load and initialise authenticators
 	$tw.modules.forEachModuleOfType("authenticator", function(title,authenticatorDefinition) {