diff --git a/docker/rascsi-web/Dockerfile b/docker/rascsi-web/Dockerfile
index c68431d9..0a73e042 100644
--- a/docker/rascsi-web/Dockerfile
+++ b/docker/rascsi-web/Dockerfile
@@ -22,7 +22,7 @@ USER pi
 COPY --chown=pi:pi . .
 
 # Standalone RaSCSI web UI
-RUN ./easyinstall.sh --run_choice=11 --skip-token
+RUN ./easyinstall.sh --run_choice=11
 
 # Wired network bridge
 RUN ./easyinstall.sh --run_choice=6 --headless
diff --git a/docker/rascsi/Dockerfile b/docker/rascsi/Dockerfile
index 4e3c60f5..0eb42378 100644
--- a/docker/rascsi/Dockerfile
+++ b/docker/rascsi/Dockerfile
@@ -21,7 +21,7 @@ COPY --chown=pi:pi . .
 RUN patch -p0 < docker/rascsi/cfilesystem.patch
 
 # Install RaSCSI standalone
-RUN ./easyinstall.sh --run_choice=10 --cores=`nproc` --skip-token
+RUN ./easyinstall.sh --run_choice=10 --cores=`nproc`
 
 USER root
 WORKDIR /home/pi
diff --git a/easyinstall.sh b/easyinstall.sh
index 295c233d..74c934f2 100755
--- a/easyinstall.sh
+++ b/easyinstall.sh
@@ -157,8 +157,18 @@ function installRaScsi() {
     cleanupOutdatedManPage "scsimon.1"
     cleanupOutdatedManPage "rasdump.1"
     cleanupOutdatedManPage "sasidump.1"
+
     # install
     sudo make install CONNECT_TYPE="${CONNECT_TYPE:-FULLSPEC}" </dev/null
+
+    # update launch parameters
+    if [[ -f $SECRET_FILE ]]; then
+        sudo sed -i "\@^ExecStart.*@ s@@& -F $VIRTUAL_DRIVER_PATH -P $SECRET_FILE@" "$SYSTEMD_PATH/rascsi.service"
+        echo "Secret token file $SECRET_FILE detected. Using it to enable back-end authentication."
+    else
+        sudo sed -i "\@^ExecStart.*@ s@@& -F $VIRTUAL_DRIVER_PATH@" "$SYSTEMD_PATH/rascsi.service"
+    fi
+    echo "Configured rascsi.service to use $VIRTUAL_DRIVER_PATH as default image dir."
 }
 
 function preparePythonCommon() {
@@ -280,7 +290,7 @@ function backupRaScsiService() {
     fi
 }
 
-# Offers the choice of enabling token-based authentication for RaSCSI
+# Offers the choice of enabling token-based authentication for RaSCSI, or disables it if enabled
 function configureTokenAuth() {
     if [[ -f "$HOME/.rascsi_secret" ]]; then
         sudo rm "$HOME/.rascsi_secret"
@@ -289,46 +299,34 @@ function configureTokenAuth() {
 
     if [[ -f $SECRET_FILE ]]; then
         sudo rm "$SECRET_FILE"
-        echo "Removed RaSCSI token file"
-    fi
-
-    if [[ $SKIP_TOKEN ]]; then
-        echo "Skipping RaSCSI token setup"
-        return 0
-    fi
-
-    if [[ -z $TOKEN ]]; then
-        echo ""
-        echo "Do you want to protect your RaSCSI installation with a password? [y/N]"
+        echo "RaSCSI token file $SECRET_FILE already exists. Do you want to disable authentication? (y/N)"
         read REPLY
 
-        if ! [[ $REPLY =~ ^[Yy]$ ]]; then
-            return 0
+        if [[ $REPLY =~ ^[Yy]$ ]]; then
+            sudo sed -i 's@-P '"$SECRET_FILE"'@@' "$SYSTEMD_PATH/rascsi.service"
+            return
         fi
-
-        echo -n "Enter the password that you want to use: "
-        read -r TOKEN
     fi
 
+    echo -n "Enter the token password for protecting RaSCSI: "
+    read -r TOKEN
+
     echo "$TOKEN" > "$SECRET_FILE"
 
 	# Make the secret file owned and only readable by root
     sudo chown root:root "$SECRET_FILE"
     sudo chmod 600 "$SECRET_FILE"
+
+    sudo sed -i "s@^ExecStart.*@& -P $SECRET_FILE@" "$SYSTEMD_PATH/rascsi.service"
+
     echo ""
     echo "Configured RaSCSI to use $SECRET_FILE for authentication. This file is readable by root only."
     echo "Make note of your password: you will need it to use rasctl and other RaSCSI clients."
+    echo "If you have RaSCSI clients installed, please re-run the installation scripts, or update the systemd config manually."
 }
 
-# Modifies and installs the rascsi service
+# Enables and starts the rascsi service
 function enableRaScsiService() {
-    if [ ! -z "$TOKEN" ]; then
-        sudo sed -i "s@^ExecStart.*@& -F $VIRTUAL_DRIVER_PATH -P $SECRET_FILE@" "$SYSTEMD_PATH/rascsi.service"
-    else
-        sudo sed -i "s@^ExecStart.*@& -F $VIRTUAL_DRIVER_PATH@" "$SYSTEMD_PATH/rascsi.service"
-    fi
-    echo "Configured rascsi.service to use $VIRTUAL_DRIVER_PATH as default image dir."
-
     sudo systemctl daemon-reload
     sudo systemctl restart rsyslog
     sudo systemctl enable rascsi # optional - start rascsi at boot
@@ -338,10 +336,16 @@ function enableRaScsiService() {
 
 # Modifies and installs the rascsi-web service
 function installWebInterfaceService() {
+    if [[ -f "$SECRET_FILE" && -z "$TOKEN" ]] ; then
+        echo ""
+        echo "Secret token file $SECRET_FILE detected. You must enter the password, or press Ctrl+C to cancel installation."
+        read -r TOKEN
+    fi
+
     echo "Installing the rascsi-web.service configuration..."
     sudo cp -f "$WEB_INSTALL_PATH/service-infra/rascsi-web.service" "$SYSTEMD_PATH/rascsi-web.service"
     sudo sed -i /^ExecStart=/d "$SYSTEMD_PATH/rascsi-web.service"
-    echo "$TOKEN"
+
     if [ ! -z "$TOKEN" ]; then
         sudo sed -i "8 i ExecStart=$WEB_INSTALL_PATH/start.sh --password=$TOKEN" "$SYSTEMD_PATH/rascsi-web.service"
 	# Make the service file readable by root only, to protect the token string
@@ -934,6 +938,12 @@ function installMacproxy {
 
 # updates configuration files and installs packages needed for the OLED screen script
 function installRaScsiScreen() {
+    if [[ -f "$SECRET_FILE" && -z "$TOKEN" ]] ; then
+        echo ""
+        echo "Secret token file $SECRET_FILE detected. You must enter the password, or press Ctrl+C to cancel installation."
+        read -r TOKEN
+    fi
+
     echo "IMPORTANT: This configuration requires a OLED screen to be installed onto your RaSCSI board."
     echo "See wiki for more information: https://github.com/akuker/RASCSI/wiki/OLED-Status-Display-(Optional)"
     echo ""
@@ -964,16 +974,6 @@ function installRaScsiScreen() {
         SCREEN_HEIGHT="32"
     fi
 
-    if [ -z "$TOKEN" ]; then
-        echo ""
-        echo "Did you protect your RaSCSI installation with a token password? [y/N]"
-        read -r REPLY
-        if [ "$REPLY" == "y" ] || [ "$REPLY" == "Y" ]; then
-            echo -n "Enter the password that you configured with RaSCSI at the time of installation: "
-            read -r TOKEN
-        fi
-    fi
-
     stopRaScsiScreen
     disableRaScsiCtrlBoardService
     updateRaScsiGit
@@ -1026,6 +1026,12 @@ function installRaScsiScreen() {
 
 # updates configuration files and installs packages needed for the CtrlBoard script
 function installRaScsiCtrlBoard() {
+    if [[ -f "$SECRET_FILE" && -z "$TOKEN" ]] ; then
+        echo ""
+        echo "Secret token file $SECRET_FILE detected. You must enter the password, or press Ctrl+C to cancel installation."
+        read -r TOKEN
+    fi
+
     echo "IMPORTANT: This configuration requires a RaSCSI Control Board connected to your RaSCSI board."
     echo "See wiki for more information: https://github.com/akuker/RASCSI/wiki/RaSCSI-Control-Board"
     echo ""
@@ -1042,16 +1048,6 @@ function installRaScsiCtrlBoard() {
         ROTATION="180"
     fi
 
-    if [ -z "$TOKEN" ]; then
-        echo ""
-        echo "Did you protect your RaSCSI installation with a token password? [y/N]"
-        read -r REPLY
-        if [ "$REPLY" == "y" ] || [ "$REPLY" == "Y" ]; then
-            echo -n "Enter the password that you configured with RaSCSI at the time of installation: "
-            read -r TOKEN
-        fi
-    fi
-
     stopRaScsiCtrlBoard
     updateRaScsiGit
 
@@ -1148,6 +1144,13 @@ function enableWebInterfaceAuth {
 
     if [ $(getent group "$AUTH_GROUP") ]; then
         echo "The '$AUTH_GROUP' group already exists."
+        echo "Do you want to disable Web Interface authentication? (y/N)"
+        read -r REPLY
+        if [ "$REPLY" == "y" ] || [ "$REPLY" == "Y" ]; then
+            sudo groupdel "$AUTH_GROUP"
+            echo "The '$AUTH_GROUP' group has been deleted."
+            exit 0
+        fi
     else
         echo "Creating the '$AUTH_GROUP' group."
         sudo groupadd "$AUTH_GROUP"
@@ -1175,7 +1178,6 @@ function runChoice() {
               sudoCheck
               createImagesDir
               createCfgDir
-              configureTokenAuth
               stopOldWebInterface
               updateRaScsiGit
               installPackages
@@ -1196,7 +1198,6 @@ function runChoice() {
               cachePipPackages
               installRaScsiWebInterface
               installWebInterfaceService
-              enableWebInterfaceAuth
               showRaScsiScreenStatus
               showRaScsiCtrlBoardStatus
               showRaScsiStatus
@@ -1217,7 +1218,6 @@ function runChoice() {
               sudoCheck
               createImagesDir
               createCfgDir
-              configureTokenAuth
               updateRaScsiGit
               installPackages
               stopRaScsiScreen
@@ -1306,7 +1306,6 @@ function runChoice() {
               echo "- Install manpages to /usr/local/man"
               sudoCheck
               createImagesDir
-              configureTokenAuth
               updateRaScsiGit
               installPackagesStandalone
               stopRaScsi
@@ -1322,21 +1321,36 @@ function runChoice() {
               echo "- Add and modify systemd services"
               echo "- Modify and enable Apache2 and Nginx web service"
               echo "- Create directories and change permissions"
-              echo "- Modify user groups and permissions"
               echo "- Create a self-signed certificate in /etc/ssl"
               sudoCheck
               createCfgDir
-              configureTokenAuth
               updateRaScsiGit
               installPackages
               preparePythonCommon
               cachePipPackages
               installRaScsiWebInterface
-              enableWebInterfaceAuth
               echo "Configuring RaSCSI Web Interface stand-alone - Complete!"
               echo "Launch the Web Interface with the 'start.sh' script. To use a custom port for the web server: 'start.sh --web-port=8081"
           ;;
           12)
+              echo "Enabling or disabling RaSCSI back-end authentication"
+              echo "This script will make the following changes to your system:"
+              echo "- Modify user groups and permissions"
+              sudoCheck
+              stopRaScsi
+              configureTokenAuth
+              enableRaScsiService
+              echo "Enabling or disabling RaSCSI back-end authentication - Complete!"
+          ;;
+          13)
+              echo "Enabling or disabling Web Interface authentication"
+              echo "This script will make the following changes to your system:"
+              echo "- Modify user groups and permissions"
+              sudoCheck
+              enableWebInterfaceAuth
+              echo "Enabling or disabling Web Interface authentication - Complete!"
+          ;;
+          14)
               echo "Installing / Updating RaSCSI Control Board UI"
               echo "This script will make the following changes to your system:"
               echo "- Install additional packages with apt-get"
@@ -1349,7 +1363,7 @@ function runChoice() {
               showRaScsiCtrlBoardStatus
               echo "Installing / Updating RaSCSI Control Board UI - Complete!"
           ;;
-          13)
+          15)
               shareImagesWithNetatalk
               echo "Configuring AppleShare File Server - Complete!"
           ;;
@@ -1366,7 +1380,7 @@ function runChoice() {
 function readChoice() {
    choice=-1
 
-   until [ $choice -ge "0" ] && [ $choice -le "13" ]; do
+   until [ $choice -ge "0" ] && [ $choice -le "15" ]; do
        echo -n "Enter your choice (0-13) or CTRL-C to exit: "
        read -r choice
    done
@@ -1395,9 +1409,11 @@ function showMenu() {
     echo "ADVANCED OPTIONS"
     echo " 10) compile and install RaSCSI stand-alone"
     echo " 11) configure the RaSCSI Web Interface stand-alone"
+    echo " 12) enable or disable RaSCSI back-end authentication"
+    echo " 13) enable or disable RaSCSI Web Interface authentication"
     echo "EXPERIMENTAL FEATURES"
-    echo " 12) install or update RaSCSI Control Board UI (requires hardware)"
-    echo " 13) share the images dir over AppleShare (requires Netatalk)"
+    echo " 14) install or update RaSCSI Control Board UI (requires hardware)"
+    echo " 15) share the images dir over AppleShare (requires Netatalk)"
 }
 
 # parse arguments passed to the script
@@ -1433,9 +1449,6 @@ while [ "$1" != "" ]; do
             fi
             TOKEN=$VALUE
             ;;
-        -s | --skip-token)
-            SKIP_TOKEN=1
-            ;;
         -h | --headless)
             HEADLESS=1
             ;;