diff --git a/common/protocol_test.go b/common/protocol_test.go
index a6efe1530a004a93a65da465c02f0f9526af1bfb..9af556221e782b3546e71108ecca0b8e98307ae4 100644
--- a/common/protocol_test.go
+++ b/common/protocol_test.go
@@ -62,6 +62,8 @@ func TestMain(m *testing.M) {
 	logger.InitLogger(logFilePath, 5, 1, 28, false, zerolog.DebugLevel)
 
 	os.Setenv("SFTPGO_DATA_PROVIDER__CREATE_DEFAULT_ADMIN", "1")
+	os.Setenv("SFTPGO_DEFAULT_ADMIN_USERNAME", "admin")
+	os.Setenv("SFTPGO_DEFAULT_ADMIN_PASSWORD", "password")
 	err := config.LoadConfig(configDir, "")
 	if err != nil {
 		logger.ErrorToConsole("error loading configuration: %v", err)
diff --git a/dataprovider/admin.go b/dataprovider/admin.go
index d6a43d020063b96cd08d4b1d9b4215c4e209398d..8b83cc8c99d22705ea8cb2ee5f38c13ea3783865 100644
--- a/dataprovider/admin.go
+++ b/dataprovider/admin.go
@@ -272,19 +272,15 @@ func (a *Admin) getACopy() Admin {
 	}
 }
 
-// setDefaults sets the appropriate value for the default admin
-func (a *Admin) setDefaults() {
-	envUsername := strings.TrimSpace(os.Getenv(`SFTPGO_DEFAULT_ADMIN_USERNAME`))
-	envPassword := strings.TrimSpace(os.Getenv(`SFTPGO_DEFAULT_ADMIN_PASSWORD`))
-
-	a.Username = "admin"
-	if envUsername != "" {
-		a.Username = envUsername
-	}
-	a.Password = "password"
-	if envPassword != "" {
-		a.Password = envPassword
+func (a *Admin) setFromEnv() error {
+	envUsername := strings.TrimSpace(os.Getenv("SFTPGO_DEFAULT_ADMIN_USERNAME"))
+	envPassword := strings.TrimSpace(os.Getenv("SFTPGO_DEFAULT_ADMIN_PASSWORD"))
+	if envUsername == "" || envPassword == "" {
+		return errors.New(`to create the default admin you need to set the env vars "SFTPGO_DEFAULT_ADMIN_USERNAME" and "SFTPGO_DEFAULT_ADMIN_PASSWORD"`)
 	}
+	a.Username = envUsername
+	a.Password = envPassword
 	a.Status = 1
 	a.Permissions = []string{PermAdminAny}
+	return nil
 }
diff --git a/dataprovider/dataprovider.go b/dataprovider/dataprovider.go
index 7b9b334a113d15231a505abd095ee9794d74d754..fd80ea337e6f0a4c01989260c649988cada7c0fd 100644
--- a/dataprovider/dataprovider.go
+++ b/dataprovider/dataprovider.go
@@ -580,7 +580,9 @@ func checkDefaultAdmin() error {
 	logger.Debug(logSender, "", "no admins found, try to create the default one")
 	// we need to create the default admin
 	admin := &Admin{}
-	admin.setDefaults()
+	if err := admin.setFromEnv(); err != nil {
+		return err
+	}
 	return provider.addAdmin(admin)
 }
 
diff --git a/docs/full-configuration.md b/docs/full-configuration.md
index a1693c09fd4bfa5cef024264fbdba741352d2e99..67e699bac7bc2fe3952e5da1a6837022166800b8 100644
--- a/docs/full-configuration.md
+++ b/docs/full-configuration.md
@@ -201,7 +201,7 @@ The configuration file contains the following sections:
   - `password_caching`, boolean. Verifying argon2id passwords has a high memory and computational cost, verifying bcrypt passwords has a high computational cost, by enabling, in memory, password caching you reduce these costs. Default: `true`
   - `update_mode`, integer. Defines how the database will be initialized/updated. 0 means automatically. 1 means manually using the initprovider sub-command.
   - `skip_natural_keys_validation`, boolean. If `true` you can use any UTF-8 character for natural keys as username, admin name, folder name. These keys are used in URIs for REST API and Web admin. If `false` only unreserved URI characters are allowed: ALPHA / DIGIT / "-" / "." / "_" / "~". Default: `false`.
-  - `create_default_admin`, boolean. If enabled, a default admin user with username `admin` and password `password` will be created on first start. The default values can be overridden using the environment variables `SFTPGO_DEFAULT_ADMIN_USERNAME` and `SFTPGO_DEFAULT_ADMIN_PASSWORD`. You can also create the first admin user by using the web interface or by loading initial data. Default `false`.
+  - `create_default_admin`, boolean. Before you can use SFTPGo you need to create an admin account. If you open the admin web UI, a setup screen will guide you in creating the first admin account. You can automatically create the first admin account by enabling this setting and setting the environment variables `SFTPGO_DEFAULT_ADMIN_USERNAME` and `SFTPGO_DEFAULT_ADMIN_PASSWORD`. You can also create the first admin by loading initial data. This setting has no effect if an admin account is already found within the data provider. Default `false`.
   - `is_shared`, integer. If the data provider is shared across multiple SFTPGo instances, set this parameter to `1`. `MySQL`, `PostgreSQL` and `CockroachDB` can be shared, this setting is ignored for other data providers. For shared data providers, SFTPGo periodically reloads the latest updated users, based on the `updated_at` field, and updates its internal caches if users are updated from a different instance. This check, if enabled, is executed every 10 minutes. Default: `0`.
 - **"httpd"**, the configuration for the HTTP server used to serve REST API and to expose the built-in web interface
   - `bindings`, list of structs. Each struct has the following fields:
diff --git a/ftpd/ftpd_test.go b/ftpd/ftpd_test.go
index be04b553c713a91369758d39a01ee1758d8c5b1b..8645637bbddf9a1818bb965d85a9156af61c566a 100644
--- a/ftpd/ftpd_test.go
+++ b/ftpd/ftpd_test.go
@@ -254,6 +254,8 @@ func TestMain(m *testing.M) {
 	// work in non atomic mode too
 	os.Setenv("SFTPGO_COMMON__UPLOAD_MODE", "2")
 	os.Setenv("SFTPGO_DATA_PROVIDER__CREATE_DEFAULT_ADMIN", "1")
+	os.Setenv("SFTPGO_DEFAULT_ADMIN_USERNAME", "admin")
+	os.Setenv("SFTPGO_DEFAULT_ADMIN_PASSWORD", "password")
 	err = config.LoadConfig(configDir, "")
 	if err != nil {
 		logger.ErrorToConsole("error loading configuration: %v", err)
diff --git a/httpd/httpd_test.go b/httpd/httpd_test.go
index 18f53fd90dad7678774d61951fc210650aba8ee1..d73e243669a839bfda21de4b4b64efcc92de3d8d 100644
--- a/httpd/httpd_test.go
+++ b/httpd/httpd_test.go
@@ -196,6 +196,8 @@ func TestMain(m *testing.M) {
 	logger.InitLogger(logfilePath, 5, 1, 28, false, zerolog.DebugLevel)
 	os.Setenv("SFTPGO_COMMON__UPLOAD_MODE", "2")
 	os.Setenv("SFTPGO_DATA_PROVIDER__CREATE_DEFAULT_ADMIN", "1")
+	os.Setenv("SFTPGO_DEFAULT_ADMIN_USERNAME", "admin")
+	os.Setenv("SFTPGO_DEFAULT_ADMIN_PASSWORD", "password")
 	err := config.LoadConfig(configDir, "")
 	if err != nil {
 		logger.WarnToConsole("error loading configuration: %v", err)
diff --git a/sftpd/sftpd_test.go b/sftpd/sftpd_test.go
index 5d1749fc3bdb7d78eecd3fd8060978c5e8d48b47..8fe9224204b189e2451d66ec11c7db1e3087879d 100644
--- a/sftpd/sftpd_test.go
+++ b/sftpd/sftpd_test.go
@@ -151,6 +151,8 @@ func TestMain(m *testing.M) {
 	}
 	os.Setenv("SFTPGO_COMMON__UPLOAD_MODE", "2")
 	os.Setenv("SFTPGO_DATA_PROVIDER__CREATE_DEFAULT_ADMIN", "1")
+	os.Setenv("SFTPGO_DEFAULT_ADMIN_USERNAME", "admin")
+	os.Setenv("SFTPGO_DEFAULT_ADMIN_PASSWORD", "password")
 	err = config.LoadConfig(configDir, "")
 	if err != nil {
 		logger.ErrorToConsole("error loading configuration: %v", err)
diff --git a/webdavd/webdavd_test.go b/webdavd/webdavd_test.go
index 3331350ef688f35a8b14838e065eeb1c646deca6..6148f1c8d2ca131781702c245dabfdebd4448c58 100644
--- a/webdavd/webdavd_test.go
+++ b/webdavd/webdavd_test.go
@@ -250,6 +250,8 @@ func TestMain(m *testing.M) {
 	logFilePath = filepath.Join(configDir, "sftpgo_webdavd_test.log")
 	logger.InitLogger(logFilePath, 5, 1, 28, false, zerolog.DebugLevel)
 	os.Setenv("SFTPGO_DATA_PROVIDER__CREATE_DEFAULT_ADMIN", "1")
+	os.Setenv("SFTPGO_DEFAULT_ADMIN_USERNAME", "admin")
+	os.Setenv("SFTPGO_DEFAULT_ADMIN_PASSWORD", "password")
 	err := config.LoadConfig(configDir, "")
 	if err != nil {
 		logger.ErrorToConsole("error loading configuration: %v", err)