diff --git a/CHANGES-4.3.md b/CHANGES-4.3.md
index efd3c5db7..6f991e9c0 100644
--- a/CHANGES-4.3.md
+++ b/CHANGES-4.3.md
@@ -39,6 +39,7 @@ File format:
 * Fix the MQTT-SN message replay when the topic is not registered to the client [#6970]
 * Fix rpc get node info maybe crash when other nodes is not ready.
 * Fix false alert level log “cannot_find_plugins” caused by duplicate plugin names in `loaded_plugins` files.
+* Prompt user how to change the dashboard's initial default password when emqx start.
 
 ## v4.3.12
 ### Important changes
diff --git a/lib-ce/emqx_dashboard/src/emqx_dashboard_admin.erl b/lib-ce/emqx_dashboard/src/emqx_dashboard_admin.erl
index 94c5c3cda..c9e9bee3c 100644
--- a/lib-ce/emqx_dashboard/src/emqx_dashboard_admin.erl
+++ b/lib-ce/emqx_dashboard/src/emqx_dashboard_admin.erl
@@ -21,6 +21,7 @@
 -behaviour(gen_server).
 
 -include("emqx_dashboard.hrl").
+-include_lib("emqx/include/logger.hrl").
 
 -boot_mnesia({mnesia, [boot]}).
 -copy_mnesia({mnesia, [copy]}).
@@ -218,11 +219,34 @@ binenv(Key) ->
     iolist_to_binary(application:get_env(emqx_dashboard, Key, "")).
 
 add_default_user(Username, Password) when ?EMPTY_KEY(Username) orelse ?EMPTY_KEY(Password) ->
-    igonre;
+    ignore;
 
 add_default_user(Username, Password) ->
     case lookup_user(Username) of
         [] -> add_user(Username, Password, <<"administrator">>);
-        _  -> ok
-    end.
-
+        _  ->
+            case check(Username, Password) of
+                ok ->
+                    ?LOG(warning,
+                        "[Dashboard] The initial default password for dashboard 'admin' user in emqx_dashboard.conf\n"
+                        "For safety, it should be changed as soon as possible.\n"
+                        "Please use the './bin/emqx_ctl admins' CLI to change it.\n"
+                        "Then remove `dashboard.default_user.login/password` from emqx_dashboard.conf"
+                    );
+                {error, _} ->
+                    %% We can't force add default,
+                    %% otherwise passwords that have been updated via HTTP API will be reset after reboot.
+                    ?LOG(warning,
+                        "[Dashboard] dashboard.default_user.password in the plugins/emqx_dashboard.conf\n"
+                        "does not match the password in the database(mnesia).\n"
+                        "1. If you have already changed the password via the HTTP API or `./bin/emqx_ctl admins`,"
+                        "this warning has no effect.\n"
+                        "You should remove the `dashboard.default_user.login/password` from emqx_dashboard.conf "
+                        "to resolve this warning.\n"
+                        "2. If you just want to update the password by manually changing the configuration file,\n"
+                        "you need to delete the old user and password using `emqx_ctl admins del ~s` first\n"
+                        "the new password in emqx_dashboard.conf can take effect after reboot.",
+                        [])
+            end
+    end,
+    ok.