diff --git a/ChangeLog.txt b/ChangeLog.txt
index af90d4a1..262d305f 100644
--- a/ChangeLog.txt
+++ b/ChangeLog.txt
@@ -1,6 +1,9 @@
 Broker:
 - Fix session expiry with very large expiry intervals. Closes #1525.
 - Check ACL patterns for validity when loading. Closes #1539.
+- Use presence of password file as indicator for whether username checks
+  should take place, not whether usernames are defined in the password file.
+  Closes #1545.
 
 1.6.8 - 20191128
 ================
diff --git a/src/security_default.c b/src/security_default.c
index d371366a..8ad61db9 100644
--- a/src/security_default.c
+++ b/src/security_default.c
@@ -881,10 +881,10 @@ int mosquitto_unpwd_check_default(struct mosquitto_db *db, struct mosquitto *con
 	if(db->config->per_listener_settings){
 		if(context->bridge) return MOSQ_ERR_SUCCESS;
 		if(!context->listener) return MOSQ_ERR_INVAL;
-		if(!context->listener->unpwd) return MOSQ_ERR_PLUGIN_DEFER;
+		if(context->listener->security_options.password_file == NULL) return MOSQ_ERR_PLUGIN_DEFER;
 		unpwd_ref = context->listener->unpwd;
 	}else{
-		if(!db->unpwd) return MOSQ_ERR_PLUGIN_DEFER;
+		if(db->config->security_options.password_file == NULL) return MOSQ_ERR_PLUGIN_DEFER;
 		unpwd_ref = db->unpwd;
 	}
 	if(!username){