diff --git a/guide/install-manual.md b/guide/install-manual.md
index 72a45ac..f50b0c2 100644
--- a/guide/install-manual.md
+++ b/guide/install-manual.md
@@ -84,8 +84,7 @@ Moonfire NVR can be run as a systemd service. Create
     [Service]
     ExecStart=/usr/local/bin/moonfire-nvr run \
         --db-dir=/var/lib/moonfire-nvr/db \
-        --http-addr=0.0.0.0:8080 \
-        --require-auth=false
+        --http-addr=0.0.0.0:8080
     Environment=TZ=:/etc/localtime
     Environment=MOONFIRE_FORMAT=google-systemd
     Environment=MOONFIRE_LOG=info
diff --git a/guide/secure.md b/guide/secure.md
index 49319ea..c06248e 100644
--- a/guide/secure.md
+++ b/guide/secure.md
@@ -153,15 +153,13 @@ In your `/etc/systemd/system/moonfire-nvr.service` file, look for these lines:
 
 ```
 ExecStart=/usr/local/bin/moonfire-nvr run \
-    ...
-    --http-addr=0.0.0.0:8080 \
-    --require-auth=false
+    --db-dir=/var/lib/moonfire-nvr/db \
+    --http-addr=0.0.0.0:8080
 ```
 
-Change `--require-auth=false` to `--require-auth=true --trust-forward-hdrs`.
-This change has two effects:
+Add `--require-auth --trust-forward-hdrs`. This change has two effects:
 
-   * `--require-auth=true` means that web users must authenticate.
+   * `--require-auth` means that web users must authenticate.
    * `--trust-forward-hdrs` means that Moonfire NVR will look for `X-Real-IP`
      and `X-Forwarded-Proto` headers as added by the webserver configuration
      in the next section.
diff --git a/scripts/install.sh b/scripts/install.sh
index 40512e3..995e71d 100755
--- a/scripts/install.sh
+++ b/scripts/install.sh
@@ -106,8 +106,7 @@ After=network-online.target
 ExecStart=${SERVICE_BIN} run \\
     --db-dir=${DB_DIR} \\
     --ui-dir=${LIB_DIR}/ui \\
-    --http-addr=0.0.0.0:${NVR_PORT} \
-    --require=auth=false
+    --http-addr=0.0.0.0:${NVR_PORT}
 Environment=TZ=:/etc/localtime
 Environment=MOONFIRE_FORMAT=google-systemd
 Environment=MOONFIRE_LOG=info
diff --git a/src/cmds/run.rs b/src/cmds/run.rs
index ec7b874..29ef123 100644
--- a/src/cmds/run.rs
+++ b/src/cmds/run.rs
@@ -66,8 +66,7 @@ Options:
     --http-addr=ADDR       Set the bind address for the unencrypted HTTP server.
                            [default: 0.0.0.0:8080]
     --read-only            Forces read-only mode / disables recording.
-    --require-auth=BOOL    Requires authentication to access the web interface.
-                           [default: true]
+    --require-auth         Requires authentication to access the web interface.
     --trust-forward-hdrs   Trust X-Real-IP: and X-Forwarded-Proto: headers on
                            the incoming request. Set this only after ensuring
                            your proxy server is configured to set them and that