diff --git a/package.json b/package.json
index c7f7e9e..d554c3c 100644
--- a/package.json
+++ b/package.json
@@ -17,8 +17,10 @@
     "codex.editor.header": "^2.0.5",
     "cookie-parser": "~1.4.3",
     "debug": "~4.1.0",
+    "dotenv": "^6.2.0",
     "express": "~4.16.0",
     "http-errors": "~1.7.1",
+    "jsonwebtoken": "^8.4.0",
     "module-dispatcher": "^1.0.2",
     "morgan": "~1.9.0",
     "multer": "^1.3.1",
diff --git a/src/routes/auth.js b/src/routes/auth.js
new file mode 100644
index 0000000..63a6060
--- /dev/null
+++ b/src/routes/auth.js
@@ -0,0 +1,29 @@
+const express = require('express');
+const router = express.Router();
+const { password: db } = require('../utils/database/index');
+const jwt = require('jsonwebtoken');
+
+/* GET authorization page. */
+router.get('/auth', function (req, res, next) {
+  res.render('auth', { title: 'Login page ', header: 'Enter password' });
+});
+
+router.post('/auth', async (req, res) => {
+  const passwordDoc = await db.findOne({password: req.body.password});
+
+  if (passwordDoc !== null) {
+    const token = jwt.sign({
+      'iss': 'Codex Team',
+      'sub': 'auth',
+      'iat': Date.now()
+    }, passwordDoc.password);
+
+    res.cookie('authToken', token);
+
+    res.redirect('/');
+  } else {
+    res.render('auth', { title: 'Login page', header: 'Wrong password!<br \\/>Try once more' });
+  }
+});
+
+module.exports = router;
diff --git a/src/routes/home.js b/src/routes/home.js
index 819cc1d..5e78936 100644
--- a/src/routes/home.js
+++ b/src/routes/home.js
@@ -1,9 +1,21 @@
 const express = require('express');
+const verifyToken = require('./middlewares/token');
 const router = express.Router();
 
 /* GET home page. */
-router.get('/', function (req, res, next) {
-  res.render('index', { title: 'Express' });
+router.get('/', async function (req, res, next) {
+  let isAuthorized = false;
+
+  await verifyToken(req.cookies.authToken).then(
+    async () => {
+      console.log('Authorized user entered page');
+      isAuthorized = true;
+    },
+    () => {
+      console.log('Not authorized');
+    }
+  );
+  res.render('index', { title: 'Express', isAuthorized: isAuthorized });
 });
 
-module.exports = router;
\ No newline at end of file
+module.exports = router;
diff --git a/src/routes/index.js b/src/routes/index.js
index 6ad5d78..9dc3e27 100644
--- a/src/routes/index.js
+++ b/src/routes/index.js
@@ -3,12 +3,14 @@ const router = express.Router();
 
 const home = require('./home');
 const pages = require('./pages');
+const auth = require('./auth');
 const api = require('./api');
 
 const pagesMiddleware = require('./middlewares/pages');
 
 router.use('/', pagesMiddleware, home);
 router.use('/', pagesMiddleware, pages);
+router.use('/', pagesMiddleware, auth);
 router.use('/api', api);
 
 module.exports = router;
diff --git a/src/routes/middlewares/token.js b/src/routes/middlewares/token.js
new file mode 100644
index 0000000..3050f1a
--- /dev/null
+++ b/src/routes/middlewares/token.js
@@ -0,0 +1,14 @@
+require('dotenv').config();
+
+const jwt = require('jsonwebtoken');
+
+module.exports = function verifyToken(token) {
+  return new Promise((resolve, reject) => {
+    jwt.verify(token, process.env.PASSWORD, (err, decodedToken) => {
+      if (err || !decodedToken) {
+        return reject(err);
+      }
+      resolve(decodedToken);
+    });
+  });
+};
diff --git a/src/routes/pages.js b/src/routes/pages.js
index 62a788c..701078e 100644
--- a/src/routes/pages.js
+++ b/src/routes/pages.js
@@ -1,37 +1,53 @@
 const express = require('express');
 const router = express.Router();
 const Pages = require('../controllers/pages');
+const verifyToken = require('./middlewares/token');
 
 /**
  * Create new page form
  */
 router.get('/page/new', async (req, res) => {
-  let pagesAvailable = await Pages.getAll();
+  verifyToken(req.cookies.authToken).then(
+    async () => {
+      let pagesAvailable = await Pages.getAll();
 
-  res.render('pages/form', {
-    pagesAvailable,
-    page: null
-  });
+      res.render('pages/form', {
+        pagesAvailable,
+        page: null
+      });
+    },
+    () => {
+      res.render('auth', { title: 'Login page', header: 'Enter password to do this!' });
+    }
+
+  );
 });
 
 /**
  * Edit page form
  */
 router.get('/page/edit/:id', async (req, res, next) => {
-  const pageId = req.params.id;
+  verifyToken(req.cookies.authToken).then(
+    async () => {
+      const pageId = req.params.id;
 
-  try {
-    let page = await Pages.get(pageId);
-    let pagesAvailable = await Pages.getAll();
+      try {
+        let page = await Pages.get(pageId);
+        let pagesAvailable = await Pages.getAll();
 
-    res.render('pages/form', {
-      pagesAvailable,
-      page
-    });
-  } catch (error) {
-    res.status(404);
-    next(error);
-  }
+        res.render('pages/form', {
+          pagesAvailable,
+          page
+        });
+      } catch (error) {
+        res.status(404);
+        next(error);
+      }
+    },
+    () => {
+      res.render('auth', { title: 'Login page', header: 'Enter password to do this!' });
+    }
+  );
 });
 
 /**
@@ -39,6 +55,17 @@ router.get('/page/edit/:id', async (req, res, next) => {
  */
 router.get('/page/:id', async (req, res, next) => {
   const pageId = req.params.id;
+  let isAuthorized = false;
+
+  await verifyToken(req.cookies.authToken).then(
+    async () => {
+      console.log('Authorized user entered page');
+      isAuthorized = true;
+    },
+    () => {
+      console.log('Not authorized');
+    }
+  );
 
   try {
     let page = await Pages.get(pageId);
@@ -46,7 +73,7 @@ router.get('/page/:id', async (req, res, next) => {
     let pageParent = await page.parent;
 
     res.render('pages/page', {
-      page, pageParent
+      page, pageParent, isAuthorized
     });
   } catch (error) {
     res.status(404);
diff --git a/src/utils/database/index.js b/src/utils/database/index.js
index 0066c58..3ab0783 100644
--- a/src/utils/database/index.js
+++ b/src/utils/database/index.js
@@ -1,4 +1,5 @@
 const pages = require('./pages');
+const password = require('./password');
 
 /**
  * @class Database
@@ -142,5 +143,6 @@ class Database {
 
 module.exports = {
   class: Database,
-  pages: new Database(pages)
+  pages: new Database(pages),
+  password: new Database(password)
 };
diff --git a/src/utils/database/password.js b/src/utils/database/password.js
new file mode 100644
index 0000000..e97f33c
--- /dev/null
+++ b/src/utils/database/password.js
@@ -0,0 +1,6 @@
+const Datastore = require('nedb');
+const config = require('../../../config');
+
+const db = new Datastore({filename: `./${config.database}/password.db`, autoload: true});
+
+module.exports = db;
diff --git a/src/views/auth.twig b/src/views/auth.twig
new file mode 100644
index 0000000..cf9e514
--- /dev/null
+++ b/src/views/auth.twig
@@ -0,0 +1,10 @@
+{% extends 'layout.twig' %}
+
+{% block body %}
+  <h1>{{header}}</h1>
+  <form method="post" action="/auth">
+    <input type="password" name="password" placeholder="Password">
+    <input type="submit" value="login">
+  </form>
+{% endblock %}
+
diff --git a/src/views/components/header.twig b/src/views/components/header.twig
index fd7d722..7c54e31 100644
--- a/src/views/components/header.twig
+++ b/src/views/components/header.twig
@@ -4,10 +4,14 @@
   </a>
   <ul class="docs-header__menu">
     <li>
-      <a class="docs-header__button" href="/page/new">
-        {{ svg('plus') }}
-        Add Page
-      </a>
+      {% if isAuthorized == true %}
+        <a class="docs-header__button" href="/page/new">
+          {{ svg('plus') }}
+          Add Page
+        </a>
+      {% else %}
+        <a class="docs-header__button" href="/auth">Authorize</a>
+      {% endif %}
     </li>
     {% for option in config.menu %}
       <li>
diff --git a/src/views/layout.twig b/src/views/layout.twig
index 798d6e7..098d813 100644
--- a/src/views/layout.twig
+++ b/src/views/layout.twig
@@ -5,7 +5,7 @@
     <link rel="stylesheet" href="/dist/main.css" />
   </head>
   <body>
-    {% include "components/header.twig" %}
+    {% include "components/header.twig" with isAuthorized %}
     <div class="docs">
       <aside class="docs__aside">
         {% include "components/aside.twig" %}
diff --git a/src/views/pages/page.twig b/src/views/pages/page.twig
index 0e0bcd8..1178c08 100644
--- a/src/views/pages/page.twig
+++ b/src/views/pages/page.twig
@@ -13,9 +13,15 @@
       {% endif %}
       <time class="page__header-time">
         Last edit {{ (page.body.time / 1000)  | date("M d Y") }}
-        <a href="/page/edit/{{ page._id }}" class="page__header-button">
-          Edit
-        </a>
+        {% if isAuthorized == true %}
+          <a href="/page/edit/{{ page._id }}" class="page__header-button">
+            Edit
+          </a>
+        {% else %}
+          <a href="/auth" class="page__header-button">
+            Authorize to edit
+          </a>
+        {% endif %}
       </time>
     </header>
     <h1 class="page__title">
diff --git a/yarn.lock b/yarn.lock
index de40920..c94db1b 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -1303,6 +1303,11 @@ browserslist@^4.0.0, browserslist@^4.0.1, browserslist@^4.3.4, browserslist@^4.3
     electron-to-chromium "^1.3.86"
     node-releases "^1.0.5"
 
+buffer-equal-constant-time@1.0.1:
+  version "1.0.1"
+  resolved "https://registry.yarnpkg.com/buffer-equal-constant-time/-/buffer-equal-constant-time-1.0.1.tgz#f8e71132f7ffe6e01a5c9697a4c6f3e48d5cc819"
+  integrity sha1-+OcRMvf/5uAaXJaXpMbz5I1cyBk=
+
 buffer-from@^1.0.0:
   version "1.1.1"
   resolved "https://registry.yarnpkg.com/buffer-from/-/buffer-from-1.1.1.tgz#32713bc028f75c02fdb710d7c7bcec1f2c6070ef"
@@ -2324,6 +2329,11 @@ dot-prop@^4.1.0, dot-prop@^4.1.1:
   dependencies:
     is-obj "^1.0.0"
 
+dotenv@^6.2.0:
+  version "6.2.0"
+  resolved "https://registry.yarnpkg.com/dotenv/-/dotenv-6.2.0.tgz#941c0410535d942c8becf28d3f357dbd9d476064"
+  integrity sha512-HygQCKUBSFl8wKQZBSemMywRWcEDNidvNbjGVyZu3nbZ8qq9ubiPoGLMdRDpfSrpkkm9BXYFkpKxxFX38o/76w==
+
 duplexer3@^0.1.4:
   version "0.1.4"
   resolved "https://registry.yarnpkg.com/duplexer3/-/duplexer3-0.1.4.tgz#ee01dd1cac0ed3cbc7fdbea37dc0a8f1ce002ce2"
@@ -2339,6 +2349,13 @@ duplexify@^3.4.2, duplexify@^3.6.0:
     readable-stream "^2.0.0"
     stream-shift "^1.0.0"
 
+ecdsa-sig-formatter@1.0.10:
+  version "1.0.10"
+  resolved "https://registry.yarnpkg.com/ecdsa-sig-formatter/-/ecdsa-sig-formatter-1.0.10.tgz#1c595000f04a8897dfb85000892a0f4c33af86c3"
+  integrity sha1-HFlQAPBKiJffuFAAiSoPTDOvhsM=
+  dependencies:
+    safe-buffer "^5.0.1"
+
 ee-first@1.1.1:
   version "1.1.1"
   resolved "https://registry.yarnpkg.com/ee-first/-/ee-first-1.1.1.tgz#590c61156b0ae2f4f0255732a158b266bc56b21d"
@@ -3880,11 +3897,43 @@ json5@^2.1.0:
   dependencies:
     minimist "^1.2.0"
 
+jsonwebtoken@^8.4.0:
+  version "8.4.0"
+  resolved "https://registry.yarnpkg.com/jsonwebtoken/-/jsonwebtoken-8.4.0.tgz#8757f7b4cb7440d86d5e2f3becefa70536c8e46a"
+  integrity sha512-coyXjRTCy0pw5WYBpMvWOMN+Kjaik2MwTUIq9cna/W7NpO9E+iYbumZONAz3hcr+tXFJECoQVrtmIoC3Oz0gvg==
+  dependencies:
+    jws "^3.1.5"
+    lodash.includes "^4.3.0"
+    lodash.isboolean "^3.0.3"
+    lodash.isinteger "^4.0.4"
+    lodash.isnumber "^3.0.3"
+    lodash.isplainobject "^4.0.6"
+    lodash.isstring "^4.0.1"
+    lodash.once "^4.0.0"
+    ms "^2.1.1"
+
 just-extend@^3.0.0:
   version "3.0.0"
   resolved "https://registry.yarnpkg.com/just-extend/-/just-extend-3.0.0.tgz#cee004031eaabf6406da03a7b84e4fe9d78ef288"
   integrity sha512-Fu3T6pKBuxjWT/p4DkqGHFRsysc8OauWr4ZRTY9dIx07Y9O0RkoR5jcv28aeD1vuAwhm3nLkDurwLXoALp4DpQ==
 
+jwa@^1.1.5:
+  version "1.1.6"
+  resolved "https://registry.yarnpkg.com/jwa/-/jwa-1.1.6.tgz#87240e76c9808dbde18783cf2264ef4929ee50e6"
+  integrity sha512-tBO/cf++BUsJkYql/kBbJroKOgHWEigTKBAjjBEmrMGYd1QMBC74Hr4Wo2zCZw6ZrVhlJPvoMrkcOnlWR/DJfw==
+  dependencies:
+    buffer-equal-constant-time "1.0.1"
+    ecdsa-sig-formatter "1.0.10"
+    safe-buffer "^5.0.1"
+
+jws@^3.1.5:
+  version "3.1.5"
+  resolved "https://registry.yarnpkg.com/jws/-/jws-3.1.5.tgz#80d12d05b293d1e841e7cb8b4e69e561adcf834f"
+  integrity sha512-GsCSexFADNQUr8T5HPJvayTjvPIfoyJPtLQBwn5a4WZQchcrPMPMAWcC1AzJVRDKyD6ZPROPAxgv6rfHViO4uQ==
+  dependencies:
+    jwa "^1.1.5"
+    safe-buffer "^5.0.1"
+
 kind-of@^3.0.2, kind-of@^3.0.3, kind-of@^3.2.0:
   version "3.2.2"
   resolved "https://registry.yarnpkg.com/kind-of/-/kind-of-3.2.2.tgz#31ea21a734bab9bbb0f32466d893aea51e4a3c64"
@@ -4022,11 +4071,46 @@ lodash.get@^4.4.2:
   resolved "https://registry.yarnpkg.com/lodash.get/-/lodash.get-4.4.2.tgz#2d177f652fa31e939b4438d5341499dfa3825e99"
   integrity sha1-LRd/ZS+jHpObRDjVNBSZ36OCXpk=
 
+lodash.includes@^4.3.0:
+  version "4.3.0"
+  resolved "https://registry.yarnpkg.com/lodash.includes/-/lodash.includes-4.3.0.tgz#60bb98a87cb923c68ca1e51325483314849f553f"
+  integrity sha1-YLuYqHy5I8aMoeUTJUgzFISfVT8=
+
+lodash.isboolean@^3.0.3:
+  version "3.0.3"
+  resolved "https://registry.yarnpkg.com/lodash.isboolean/-/lodash.isboolean-3.0.3.tgz#6c2e171db2a257cd96802fd43b01b20d5f5870f6"
+  integrity sha1-bC4XHbKiV82WgC/UOwGyDV9YcPY=
+
+lodash.isinteger@^4.0.4:
+  version "4.0.4"
+  resolved "https://registry.yarnpkg.com/lodash.isinteger/-/lodash.isinteger-4.0.4.tgz#619c0af3d03f8b04c31f5882840b77b11cd68343"
+  integrity sha1-YZwK89A/iwTDH1iChAt3sRzWg0M=
+
+lodash.isnumber@^3.0.3:
+  version "3.0.3"
+  resolved "https://registry.yarnpkg.com/lodash.isnumber/-/lodash.isnumber-3.0.3.tgz#3ce76810c5928d03352301ac287317f11c0b1ffc"
+  integrity sha1-POdoEMWSjQM1IwGsKHMX8RwLH/w=
+
+lodash.isplainobject@^4.0.6:
+  version "4.0.6"
+  resolved "https://registry.yarnpkg.com/lodash.isplainobject/-/lodash.isplainobject-4.0.6.tgz#7c526a52d89b45c45cc690b88163be0497f550cb"
+  integrity sha1-fFJqUtibRcRcxpC4gWO+BJf1UMs=
+
+lodash.isstring@^4.0.1:
+  version "4.0.1"
+  resolved "https://registry.yarnpkg.com/lodash.isstring/-/lodash.isstring-4.0.1.tgz#d527dfb5456eca7cc9bb95d5daeaf88ba54a5451"
+  integrity sha1-1SfftUVuynzJu5XV2ur4i6VKVFE=
+
 lodash.memoize@^4.1.2:
   version "4.1.2"
   resolved "https://registry.yarnpkg.com/lodash.memoize/-/lodash.memoize-4.1.2.tgz#bcc6c49a42a2840ed997f323eada5ecd182e0bfe"
   integrity sha1-vMbEmkKihA7Zl/Mj6tpezRguC/4=
 
+lodash.once@^4.0.0:
+  version "4.1.1"
+  resolved "https://registry.yarnpkg.com/lodash.once/-/lodash.once-4.1.1.tgz#0dd3971213c7c56df880977d504c88fb471a97ac"
+  integrity sha1-DdOXEhPHxW34gJd9UEyI+0cal6w=
+
 lodash.uniq@^4.5.0:
   version "4.5.0"
   resolved "https://registry.yarnpkg.com/lodash.uniq/-/lodash.uniq-4.5.0.tgz#d0225373aeb652adc1bc82e4945339a842754773"