diff --git a/src/Client/ZB.MOM.WW.OtOpcUa.Client.UI/Services/UserSettings.cs b/src/Client/ZB.MOM.WW.OtOpcUa.Client.UI/Services/UserSettings.cs
index 8462f43..bde8224 100644
--- a/src/Client/ZB.MOM.WW.OtOpcUa.Client.UI/Services/UserSettings.cs
+++ b/src/Client/ZB.MOM.WW.OtOpcUa.Client.UI/Services/UserSettings.cs
@@ -17,11 +17,6 @@ public sealed class UserSettings
     /// </summary>
     public string? Username { get; set; }
 
-    /// <summary>
-    /// Gets or sets the persisted password for authenticated sessions.
-    /// </summary>
-    public string? Password { get; set; }
-
     /// <summary>
     /// Gets or sets the transport security mode selected by the user.
     /// </summary>
diff --git a/src/Client/ZB.MOM.WW.OtOpcUa.Client.UI/ViewModels/MainWindowViewModel.cs b/src/Client/ZB.MOM.WW.OtOpcUa.Client.UI/ViewModels/MainWindowViewModel.cs
index a3beb9f..f73b39c 100644
--- a/src/Client/ZB.MOM.WW.OtOpcUa.Client.UI/ViewModels/MainWindowViewModel.cs
+++ b/src/Client/ZB.MOM.WW.OtOpcUa.Client.UI/ViewModels/MainWindowViewModel.cs
@@ -380,7 +380,7 @@ public partial class MainWindowViewModel : ObservableObject
         var s = _settingsService.Load();
         EndpointUrl = s.EndpointUrl;
         Username = s.Username;
-        Password = s.Password;
+        // Password is intentionally not persisted (security: re-prompt each launch)
         SelectedSecurityMode = s.SecurityMode;
         FailoverUrls = s.FailoverUrls;
         SessionTimeoutSeconds = s.SessionTimeoutSeconds;
@@ -400,7 +400,7 @@ public partial class MainWindowViewModel : ObservableObject
         {
             EndpointUrl = EndpointUrl,
             Username = Username,
-            Password = Password,
+            // Password is intentionally not persisted (security: re-prompt each launch)
             SecurityMode = SelectedSecurityMode,
             FailoverUrls = FailoverUrls,
             SessionTimeoutSeconds = SessionTimeoutSeconds,
diff --git a/tests/Client/ZB.MOM.WW.OtOpcUa.Client.UI.Tests/MainWindowViewModelTests.cs b/tests/Client/ZB.MOM.WW.OtOpcUa.Client.UI.Tests/MainWindowViewModelTests.cs
index deeb8ad..23c6352 100644
--- a/tests/Client/ZB.MOM.WW.OtOpcUa.Client.UI.Tests/MainWindowViewModelTests.cs
+++ b/tests/Client/ZB.MOM.WW.OtOpcUa.Client.UI.Tests/MainWindowViewModelTests.cs
@@ -438,7 +438,6 @@ public class MainWindowViewModelTests
         {
             EndpointUrl = "opc.tcp://saved:5555",
             Username = "savedUser",
-            Password = "savedPass",
             SecurityMode = SecurityMode.Sign,
             FailoverUrls = "opc.tcp://backup:5555",
             SessionTimeoutSeconds = 120,
@@ -458,7 +457,8 @@ public class MainWindowViewModelTests
 
         vm.EndpointUrl.ShouldBe("opc.tcp://saved:5555");
         vm.Username.ShouldBe("savedUser");
-        vm.Password.ShouldBe("savedPass");
+        // Password is intentionally not persisted: re-prompt each launch
+        vm.Password.ShouldBeNull();
         vm.SelectedSecurityMode.ShouldBe(SecurityMode.Sign);
         vm.FailoverUrls.ShouldBe("opc.tcp://backup:5555");
         vm.SessionTimeoutSeconds.ShouldBe(120);