diff --git a/security/author_spec.rb b/security/author_spec.rb
index 086ae1e..69179e3 100644
--- a/security/author_spec.rb
+++ b/security/author_spec.rb
@@ -4,9 +4,10 @@
 before :each do
 @conf = read_config
 @aem_author = init_author_client(@conf['aem']['author'])
+ init_web_client(@conf['aem']['author'])
 end

- it 'should not be able to login using default admin password' do
+ it 'should not be able to make api calls using default credentials' do
 # use aem api calls
 aem = @aem_author.aem
 begin
@@ -18,4 +19,13 @@
 # no result due to error raised
 expect(result).to eq(nil)
 end
+
+ it 'should not be able to login using default admin password' do
+ visit '/libs/granite/core/content/login.html'
+ fill_in('username', with: 'admin')
+ fill_in('password', with: 'admin')
+ click_button('submit-button')
+ error = find('#error').text
+ expect(error).to eq('User name and password do not match')
+ end
 end
diff --git a/security/publish_dispatcher_spec.rb b/security/publish_dispatcher_spec.rb
index 79952c1..9865dfb 100755
--- a/security/publish_dispatcher_spec.rb
+++ b/security/publish_dispatcher_spec.rb
@@ -3,7 +3,7 @@
 describe 'Publish-Dispatcher', type: :feature do
 before :each do
 @conf = read_config
- init_dispatcher_client(@conf['aem']['dispatcher'])
+ init_web_client(@conf['aem']['dispatcher'])
 end

 it 'should set up DoS prevention by making /.json inaccessible' do
diff --git a/security/publish_spec.rb b/security/publish_spec.rb
index e4519c0..666dd8b 100644
--- a/security/publish_spec.rb
+++ b/security/publish_spec.rb
@@ -4,6 +4,7 @@
 before :each do
 @conf = read_config
 @aem_publish = init_publish_client(@conf['aem']['publish'])
+ init_web_client(@conf['aem']['publish'])
 end

 it 'should not be able to start bundle with default credentials' do
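Review bot: The login example added at the end of security/author_spec.rb passes or fails solely on the exact text of `#error`, so any rewording or localisation of the login page breaks it even though nothing about authentication changed. Asserting as well that the browser is still unauthenticated after `click_button` (for instance, that it has not left the login path) would tie the check to the property being tested; the text check itself reads more directly as `expect(page).to have_css('#error', text: 'User name and password do not match')`. The same lines are added again in the second hunk of security/publish_spec.rb, so an RSpec `shared_examples` block in spec_helper.rb would keep the two copies from drifting apart.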
@@ -19,4 +20,13 @@
 # no result due to error raised
 expect(result).to eq(nil)
 end
+
+ it 'should not be able to login with default credentials' do
+ visit '/libs/granite/core/content/login.html'
+ fill_in('username', with: 'admin')
+ fill_in('password', with: 'admin')
+ click_button('submit-button')
+ error = find('#error').text
+ expect(error).to eq('User name and password do not match')
+ end
 end
diff --git a/spec_helper.rb b/spec_helper.rb
index c734d60..7f0e542 100755
--- a/spec_helper.rb
+++ b/spec_helper.rb
@@ -31,7 +31,7 @@ def init_publish_client(conf)
 )
 end

-def init_dispatcher_client(conf)
+def init_web_client(conf)
 Capybara.register_driver :poltergeist do |app|
 Capybara::Poltergeist::Driver.new(app, js_errors: false)
 end
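Review bot: The example added to security/publish_spec.rb is titled 'should not be able to login with default credentials', but its body submits only the `admin`/`admin` pair, so a green result says less than the title claims. Either name it like its counterpart in author_spec.rb, `it 'should not be able to login using default admin password' do`, or iterate over every stock account this deployment is known to ship so that the title holds. A one-line comment above the example stating which accounts are covered would also make the scope clear to whoever reads the report.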