diff --git a/static/default.css b/static/default.css
index 1d37b1b..3928611 100644
--- a/static/default.css
+++ b/static/default.css
@@ -553,6 +553,35 @@ kbd {
 	font-weight: bold;
 }
 
+/*
+ * The lock page
+ */
+.locked-notice {
+	background-color: transparent;
+	display: flex;
+	justify-content: center;
+}
+
+.locked-notice__message {
+	max-width: 30rem;
+	display: flex;
+	flex-direction: column;
+	align-items: center;
+}
+
+.locked-notice__lock {
+	font-size: 8rem;
+	margin: 0;
+}
+
+.locked-notice__title {
+	margin: 0 0 1rem 0;
+}
+
+.locked-notice__login-form input {
+	margin-bottom: 1rem;
+}
+
 /*
  * To-do lists
  */
diff --git a/views/auth.qtpl b/views/auth.qtpl
index 649fd82..a952635 100644
--- a/views/auth.qtpl
+++ b/views/auth.qtpl
@@ -57,7 +57,7 @@
 		</form>
 	{% else %}
 		<p>Authentication is disabled. You can make edits anonymously.</p>
-		<p><a class="modal__cancel" href="/">← Go home</a></p>
+		<p><a class="btn btn_weak" href="/">← Go home</a></p>
 	{% endif %}
 	</section>
 </main>
@@ -99,3 +99,35 @@
 </main>
 </div>
 {% endfunc %}
+
+{% func LockHTML() %}
+<!doctype html>
+<html>
+<head>
+	<meta charset="utf-8">
+	<meta name="viewport" content="width=device-width, initial-scale=1">
+	<title>🔒 Locked</title>
+	<link rel="shortcut icon" href="/static/favicon.ico">
+	<link rel="stylesheet" href="/static/style.css">
+</head>
+<body>
+	<main class="locked-notice">
+		<section class="locked-notice__message">
+			<p class="locked-notice__lock">🔒</p>
+			<h1 class="locked-notice__title">Locked</h1>
+			<form class="locked-notice__login-form" method="post" action="/login-data" id="login-form" enctype="multipart/form-data" autocomplete="on">
+                <label for="login-form__username">Username</label>
+                <br>
+                <input type="text" required autofocus id="login-form__username" name="username" autocomplete="username">
+                <br>
+                <label for="login-form__password">Password</label>
+                <br>
+                <input type="password" required name="password" autocomplete="current-password">
+                <br>
+                <input class="btn" type="submit" value="Log in">
+            </form>
+		</section>
+	</main>
+</body>
+</html>
+{% endfunc %}
\ No newline at end of file
diff --git a/views/auth.qtpl.go b/views/auth.qtpl.go
index 7fffb8a..8b0658a 100644
--- a/views/auth.qtpl.go
+++ b/views/auth.qtpl.go
@@ -161,7 +161,7 @@ func StreamLoginHTML(qw422016 *qt422016.Writer) {
 //line views/auth.qtpl:58
 		qw422016.N().S(`
 		<p>Authentication is disabled. You can make edits anonymously.</p>
-		<p><a class="modal__cancel" href="/">← Go home</a></p>
+		<p><a class="btn btn_weak" href="/">← Go home</a></p>
 	`)
 //line views/auth.qtpl:61
 	}
@@ -330,3 +330,66 @@ func LogoutHTML(can bool) string {
 	return qs422016
 //line views/auth.qtpl:101
 }
+
+//line views/auth.qtpl:103
+func StreamLockHTML(qw422016 *qt422016.Writer) {
+//line views/auth.qtpl:103
+	qw422016.N().S(`
+<!doctype html>
+<html>
+<head>
+	<meta charset="utf-8">
+	<meta name="viewport" content="width=device-width, initial-scale=1">
+	<title>🔒 Locked</title>
+	<link rel="shortcut icon" href="/static/favicon.ico">
+	<link rel="stylesheet" href="/static/style.css">
+</head>
+<body>
+	<main class="locked-notice">
+		<section class="locked-notice__message">
+			<p class="locked-notice__lock">🔒</p>
+			<h1 class="locked-notice__title">Locked</h1>
+			<form class="locked-notice__login-form" method="post" action="/login-data" id="login-form" enctype="multipart/form-data" autocomplete="on">
+                <label for="login-form__username">Username</label>
+                <br>
+                <input type="text" required autofocus id="login-form__username" name="username" autocomplete="username">
+                <br>
+                <label for="login-form__password">Password</label>
+                <br>
+                <input type="password" required name="password" autocomplete="current-password">
+                <br>
+                <input class="btn" type="submit" value="Log in">
+            </form>
+		</section>
+	</main>
+</body>
+</html>
+`)
+//line views/auth.qtpl:133
+}
+
+//line views/auth.qtpl:133
+func WriteLockHTML(qq422016 qtio422016.Writer) {
+//line views/auth.qtpl:133
+	qw422016 := qt422016.AcquireWriter(qq422016)
+//line views/auth.qtpl:133
+	StreamLockHTML(qw422016)
+//line views/auth.qtpl:133
+	qt422016.ReleaseWriter(qw422016)
+//line views/auth.qtpl:133
+}
+
+//line views/auth.qtpl:133
+func LockHTML() string {
+//line views/auth.qtpl:133
+	qb422016 := qt422016.AcquireByteBuffer()
+//line views/auth.qtpl:133
+	WriteLockHTML(qb422016)
+//line views/auth.qtpl:133
+	qs422016 := string(qb422016.B)
+//line views/auth.qtpl:133
+	qt422016.ReleaseByteBuffer(qb422016)
+//line views/auth.qtpl:133
+	return qs422016
+//line views/auth.qtpl:133
+}
diff --git a/web/auth.go b/web/auth.go
index 3e65f83..7b5fba8 100644
--- a/web/auth.go
+++ b/web/auth.go
@@ -14,6 +14,7 @@ import (
 )
 
 func initAuth() {
+	http.HandleFunc("/lock", handlerLock)
 	if !cfg.UseAuth {
 		return
 	}
@@ -26,6 +27,10 @@ func initAuth() {
 	http.HandleFunc("/logout-confirm", handlerLogoutConfirm)
 }
 
+func handlerLock(w http.ResponseWriter, rq *http.Request) {
+	io.WriteString(w, views.LockHTML())
+}
+
 // handlerRegister both displays the register form (GET) and registers users (POST).
 func handlerRegister(w http.ResponseWriter, rq *http.Request) {
 	util.PrepareRq(rq)