diff --git a/edivorce/apps/core/templates/localdev/bceid.html b/edivorce/apps/core/templates/localdev/bceid.html
index 4d2a44e0..43cc271a 100644
--- a/edivorce/apps/core/templates/localdev/bceid.html
+++ b/edivorce/apps/core/templates/localdev/bceid.html
@@ -35,7 +35,7 @@
     <header id="bcGov" class="no-gov-brand">
         <div class="container">
             <div class="seperator"></div>
-            <div id="login-to" class="site-title">Log in to justice.gov.bc.ca/divorce</div>
+            <div id="login-to" class="site-title">FAKE BCeID LOGIN &ndash; FOR SOFTWARE DEVELOPMENT PURPOSES ONLY</div>
         </div>
     </header>
 
diff --git a/edivorce/apps/core/views/localdev.py b/edivorce/apps/core/views/localdev.py
index 51e80b59..fbe11f69 100644
--- a/edivorce/apps/core/views/localdev.py
+++ b/edivorce/apps/core/views/localdev.py
@@ -11,6 +11,12 @@ def bceid(request):
     """ fake bceid login for developer workstation environment """
     if request.method == "POST":
         login_name = request.POST.get('user', '')
+        password = request.POST.get('password', '')
+
+        # just in case anyone from the general public discovers the dev server
+        # make sure they don't accidentally login and think this is production
+        if password.lower() != 'divorce':
+            return redirect(settings.FORCE_SCRIPT_NAME[:-1] + '/bceid')
 
         # convert the login name to a guid
         hex_name = decode(binascii.hexlify(str.encode(login_name)))[0]