diff --git a/route/new.js b/route/new.js
index 18bb0eb..97a7cda 100644
--- a/route/new.js
+++ b/route/new.js
@@ -41,7 +41,9 @@ function route (app) {
 			url: req.body.url,
 			standard: req.body.standard,
 			ignore: req.body.ignore || [],
-			timeout: req.body.timeout
+			timeout: req.body.timeout,
+			username: req.body.username,
+			password: req.body.password
 		};
 		app.webservice.tasks.create(newTask, function (err, task) {
 			if (err) {
diff --git a/route/task/edit.js b/route/task/edit.js
index 882358a..0f426a6 100644
--- a/route/task/edit.js
+++ b/route/task/edit.js
@@ -61,6 +61,8 @@ function route (app) {
 					task.name = req.body.name;
 					task.ignore = req.body.ignore;
 					task.timeout = req.body.timeout;
+					task.username = req.body.username;
+					task.password = req.body.password;
 					var standards = getStandards().map(function (standard) {
 						if (standard.title === task.standard) {
 							standard.selected = true;
diff --git a/test/functional/route/new.js b/test/functional/route/new.js
index 0608314..06fea7f 100644
--- a/test/functional/route/new.js
+++ b/test/functional/route/new.js
@@ -64,6 +64,20 @@ describe('GET /new', function () {
 			assert.strictEqual(field.getAttribute('value'), '');
 		});
 
+		it('should have a "username" field', function () {
+			var field = this.form.querySelectorAll('input[name=username]')[0];
+			assert.isDefined(field);
+			assert.strictEqual(field.getAttribute('type'), 'text');
+			assert.strictEqual(field.getAttribute('value'), '');
+		});
+
+		it('should have a "password" field', function () {
+			var field = this.form.querySelectorAll('input[name=password]')[0];
+			assert.isDefined(field);
+			assert.strictEqual(field.getAttribute('type'), 'text');
+			assert.strictEqual(field.getAttribute('value'), '');
+		});
+
 		it('should have a "standard" field', function () {
 			var field = this.form.querySelectorAll('select[name=standard]')[0];
 			assert.isDefined(field);
diff --git a/test/functional/route/task/edit.js b/test/functional/route/task/edit.js
index 56f07be..0d38f34 100644
--- a/test/functional/route/task/edit.js
+++ b/test/functional/route/task/edit.js
@@ -71,6 +71,20 @@ describe('GET /<task-id>/edit', function () {
 			assert.isDefined(field.getAttribute('disabled'));
 		});
 
+		it('should have a "username" field', function () {
+			var field = this.form.querySelectorAll('input[name=username]')[0];
+			assert.isDefined(field);
+			assert.strictEqual(field.getAttribute('type'), 'text');
+			assert.strictEqual(field.getAttribute('value'), 'user');
+		});
+
+		it('should have a "password" field', function () {
+			var field = this.form.querySelectorAll('input[name=password]')[0];
+			assert.isDefined(field);
+			assert.strictEqual(field.getAttribute('type'), 'text');
+			assert.strictEqual(field.getAttribute('value'), 'access');
+		});
+
 		it('should have "ignore" fields', function () {
 			var fields = this.form.querySelectorAll('input[name="ignore[]"]');
 			assert.isDefined(fields);
@@ -89,6 +103,8 @@ describe('POST /<task-id>/edit', function () {
 			endpoint: '/abc000000000000000000001/edit',
 			body: {
 				name: 'foo',
+				username: 'newuser',
+				password: 'secure',
 				ignore: ['bar', 'baz']
 			}
 		};
@@ -102,6 +118,8 @@ describe('POST /<task-id>/edit', function () {
 	it('should edit the task', function (done) {
 		this.webservice.task('abc000000000000000000001').get({}, function (err, task) {
 			assert.strictEqual(task.name, 'foo');
+			assert.strictEqual(task.username, 'newuser');
+			assert.strictEqual(task.password, 'secure');
 			assert.deepEqual(task.ignore, ['bar', 'baz']);
 			done();
 		});
diff --git a/view/new.html b/view/new.html
index f20c251..ab77cb8 100644
--- a/view/new.html
+++ b/view/new.html
@@ -74,6 +74,24 @@ along with pa11y-dashboard.  If not, see <http://www.gnu.org/licenses/>.
 		</div>
 	</div>
 
+	<div class="form-group clearfix">
+		<div class="row">
+			<div class="col-md-4 col-sm-4 col-xs-6">
+				<label class="control-label" for="new-task-username">Username</label>
+				<input class="form-control" id="new-task-username" type="text" name="username" value="{{task.username}}"/>
+			</div>
+		</div>
+	</div>
+
+	<div class="form-group clearfix">
+		<div class="row">
+			<div class="col-md-4 col-sm-4 col-xs-6">
+				<label class="control-label" for="new-task-password">Password</label>
+				<input class="form-control" id="new-task-password" type="text" name="password" value="{{task.password}}"/>
+			</div>
+		</div>
+	</div>
+
 	<p class="control-label"><b>Ignore these rules</b> <a target="_blank" href="https://github.com/nature/pa11y/wiki/HTML-CodeSniffer-Rules">(full list of rules here)</a></p>
 
 	<div class="standards-lists">
diff --git a/view/task/edit.html b/view/task/edit.html
index 2f05b30..53236cd 100644
--- a/view/task/edit.html
+++ b/view/task/edit.html
@@ -86,6 +86,24 @@ along with pa11y-dashboard.  If not, see <http://www.gnu.org/licenses/>.
 		</div>
 	</div>
 
+	<div class="form-group clearfix">
+		<div class="row">
+			<div class="col-md-4 col-sm-4 col-xs-6">
+				<label class="control-label" for="new-task-username">Username</label>
+				<input class="form-control" id="new-task-username" type="text" name="username" value="{{task.username}}"/>
+			</div>
+		</div>
+	</div>
+
+	<div class="form-group clearfix">
+		<div class="row">
+			<div class="col-md-4 col-sm-4 col-xs-6">
+				<label class="control-label" for="new-task-password">Password</label>
+				<input class="form-control" id="new-task-password" type="text" name="password" value="{{task.password}}"/>
+			</div>
+		</div>
+	</div>
+
 	<p class="control-label"><b>Ignore these rules</b> <a target="_blank" href="https://github.com/nature/pa11y/wiki/HTML-CodeSniffer-Rules">(full list of rules here)</a></p>
 
 	<div class="standards-lists">