diff --git a/html/inject/password_picker.html b/html/inject/password_picker.html
index f010b9be..66e40297 100644
--- a/html/inject/password_picker.html
+++ b/html/inject/password_picker.html
@@ -25,7 +25,7 @@
 <div id="password_picker">
     <div class="tabs">
         <div class="tab add" data-name="add"><span class="fa fa-plus" aria-hidden="true" t="[add_account, title]"></span></div>
-        <div class="tab list active" data-name="list"><span class="fa fa-list" aria-hidden="true" t="[accounts, title]"></span></div>
+        <div class="tab list" data-name="list"><span class="fa fa-list" aria-hidden="true" t="[accounts, title]"></span></div>
         <div class="tab search" data-name="search"><span class="fa fa-search" aria-hidden="true" t="[search, title]"></span></div>
         <div class="tab generate" data-name="generate"><span class="fa fa-refresh" aria-hidden="true" t="[password_generator, title]"></span></div>
         <div class="tab ignore" data-name="ignore"><span class="fa fa-ban" aria-hidden="true" t="[ignore_site_tab, title]"></span></div>
@@ -64,7 +64,7 @@ <h2 t="save_site"></h2>
             <button class="btn btn-success" id="savepw-save" t="save"></button>
             <button class="btn" id="savepw-cancel" t="cancel"></button>
         </div>
-        <div class="tab-list-content">
+        <div class="tab-list-content" style="display: none">
             <div class="no-credentials">
                 <div class="btn btn-secondary save" t="btn_save_site"></div>
                 <div class="clearfix"></div>
@@ -157,6 +157,12 @@ <h2 t="ignore_site"></h2>
                 <div class="btn btn-info disable-page" t="disable_page">Disable page</div>
             </div>
         </div>
+        <div class="tab-unlock-content" style="display: none">
+            <h2 t="browser_action_title_locked"></h2>
+            <div class="text">
+                <div style="line-height: 1.5em" t="extension_locked"></div>
+            </div>
+        </div>
     </div>
 </div>
 </body>
diff --git a/js/ui/password_picker/password_picker.js b/js/ui/password_picker/password_picker.js
index 7a7623ef..03d4bf6e 100644
--- a/js/ui/password_picker/password_picker.js
+++ b/js/ui/password_picker/password_picker.js
@@ -2,6 +2,15 @@ $(document).ready(function () {
     var _this = this;
     var storage = new API.Storage();
     var runtimeSettings = {};
+    var IsMasterPasswordSet = true;
+
+    API.runtime.sendMessage(API.runtime.id, {method: 'getMasterPasswordSet'}).then(function (MasterPasswordSet) {
+        if (!MasterPasswordSet) {
+            IsMasterPasswordSet = false;
+            $('.tabs > .tab').not('.close').hide();
+            makeTabActive('unlock');
+        }
+    });
 
     API.runtime.sendMessage(API.runtime.id, {'method': 'getRuntimeSettings'}).then(function (settings) {
         var accounts = settings.accounts;
@@ -281,49 +290,52 @@ $(document).ready(function () {
             disablePassman('url', tab.url);
         });
 
-        API.runtime.sendMessage(API.runtime.id, {
-            method: "getCredentialsByUrl",
-            args: [tab.url]
-        }).then(function (logins) {
-            if (logins.length === 0) {
-                API.runtime.sendMessage(API.runtime.id, {
-                    'method': 'getSetting',
-                    args: 'no_results_found_tab'
-                }).then(function (value) {
-                    makeTabActive(value);
-                });
-                return;
-            }
-            if (logins.length !== 0) {
-                picker.find('.tab-list-content').html('');
-                if(runtimeSettings.passwordPickerGotoList){
-                    makeTabActive('list');
+        if (IsMasterPasswordSet === false) {
+            makeTabActive('unlock');
+        } else {
+            API.runtime.sendMessage(API.runtime.id, {
+                method: "getCredentialsByUrl",
+                args: [tab.url]
+            }).then(function (logins) {
+                if (logins.length === 0) {
+                    API.runtime.sendMessage(API.runtime.id, {
+                        'method': 'getSetting',
+                        args: 'no_results_found_tab'
+                    }).then(function (value) {
+                        makeTabActive(value);
+                    });
+                    return;
                 }
-            }
-            for (var i = 0; i < logins.length; i++) {
-                var login = logins[i];
-                var div = $('<div>', {class: 'account', text: login.label});
-                $('<br>').appendTo(div);
-                var username = (login.username !== '' ) ? login.username : login.email;
-                $('<small>').text(username).appendTo(div);
-                /* jshint ignore:start */
-                div.click((function (login) {
-                    return function () {
-                        //enterLoginDetails(login);
-                        //API.runtime.sendMessage(API.runtime.id, {method: 'getMasterPasswordSet'})
-                        fillLogin(login)
-                    };
-                })(login));
-                /* jshint ignore:end*/
-
-                picker.find('.tab-list-content').append(div);
-            }
-        });
+                if (logins.length !== 0) {
+                    picker.find('.tab-list-content').html('');
+                    if(runtimeSettings.passwordPickerGotoList){
+                        makeTabActive('list');
+                    }
+                }
+                for (var i = 0; i < logins.length; i++) {
+                    var login = logins[i];
+                    var div = $('<div>', {class: 'account', text: login.label});
+                    $('<br>').appendTo(div);
+                    var username = (login.username !== '' ) ? login.username : login.email;
+                    $('<small>').text(username).appendTo(div);
+                    /* jshint ignore:start */
+                    div.click((function (login) {
+                        return function () {
+                            //enterLoginDetails(login);
+                            //API.runtime.sendMessage(API.runtime.id, {method: 'getMasterPasswordSet'})
+                            fillLogin(login)
+                        };
+                    })(login));
+                    /* jshint ignore:end*/
+
+                    picker.find('.tab-list-content').append(div);
+                }
+            });
+        }
     }
 
     _this.returnActiveTab = returnActiveTab;
 
-
     $('.no-credentials .save').on('click', function () {
         $('.tab.add').click();
     });
diff --git a/js/ui/popup/controllers/list.js b/js/ui/popup/controllers/list.js
index 595dc5a7..59e247c1 100644
--- a/js/ui/popup/controllers/list.js
+++ b/js/ui/popup/controllers/list.js
@@ -44,6 +44,7 @@
                 API.runtime.sendMessage(API.runtime.id, {method: "getMasterPasswordSet"}).then(function (isPasswordSet) {
                     //First check attributes
                     if (!isPasswordSet) {
+                        window.location = '#!/locked';
                         return;
                     }
 
diff --git a/js/ui/popup/controllers/main.js b/js/ui/popup/controllers/main.js
index 5011f5d5..19e05a01 100644
--- a/js/ui/popup/controllers/main.js
+++ b/js/ui/popup/controllers/main.js
@@ -57,8 +57,8 @@
             var initApp = function () {
                 port.onMessage.addListener(messageParser);
                 API.runtime.sendMessage(API.runtime.id, {method: "getMasterPasswordSet"}).then(function (isPasswordSet) {
-                    //First check attributes
                     if (!isPasswordSet) {
+                        window.location = '#!/locked';
                         return;
                     }
                     $scope.refreshing_credentials = true;
diff --git a/js/ui/popup/controllers/password_prompt.js b/js/ui/popup/controllers/password_prompt.js
index 6ecca611..045f2d10 100644
--- a/js/ui/popup/controllers/password_prompt.js
+++ b/js/ui/popup/controllers/password_prompt.js
@@ -43,6 +43,7 @@
             $rootScope.$broadcast('hideHeader');
             $scope.master_password_remember = false;
             $scope.master_password = '';
+
             $scope.apply_settings = function () {
                 $scope.saving = true;
                 $scope.invalidPassword = false;
diff --git a/js/ui/popup/controllers/search.js b/js/ui/popup/controllers/search.js
index 0dd2807b..55870ab9 100644
--- a/js/ui/popup/controllers/search.js
+++ b/js/ui/popup/controllers/search.js
@@ -34,6 +34,12 @@
      */
     angular.module('passmanExtension')
         .controller('SearchCtrl', ['$scope', function ($scope) {
+            API.runtime.sendMessage(API.runtime.id, {method: 'getMasterPasswordSet'}).then(function (MasterPasswordSet) {
+                if (!MasterPasswordSet) {
+                    window.location = '#!/locked';
+                }
+                $scope.$apply();
+            });
             $scope.found_credentials = false;
             $scope.searchText = '';
             $scope.search = function () {