diff --git a/server.js b/server.js
index 1f7ccd4..b09729f 100644
--- a/server.js
+++ b/server.js
@@ -39,11 +39,19 @@ app.get("/api", (req, res) => {
 
 // http://expressjs.com/en/starter/basic-routing.html
 app.get("/status", (req, res) => {
-  const auth = {login: process.env.MATRIXUSERNAME, password: process.env.MATRIXPASSWORD}; // change this
+  // http basic auth handling without 3rd-party lib https://stackoverflow.com/a/33905671
+  const auth = {
+    login: process.env.MATRIXUSERNAME,
+    password: process.env.MATRIXPASSWORD
+  }; 
 
   // parse login and password from headers
-  const b64auth = (req.headers.authorization || '').split(' ')[1] || '';
-  const [login, password] = new Buffer(b64auth, 'base64').toString().split(':');
+  const b64auth = (req.headers.authorization || "").split(" ")[1] || "";
+  const [login, password] = new Buffer(b64auth, "base64").toString().split(":"); // won't work as we use : in username…
+
+  if (!login || !password || login !== auth.login || password !== auth.password) {
+    // Access granted...
+  }
   
   if (req.query.password !== process.env.PASSWORD) {
     return res.sendStatus(401);