When connecting to the database with the postgres user I realized it accepts any password or no password even though the user has a password set. I don’t know if this happens also when using the installer to install PostgreSQL, in my case I used initdb to set it up. I remember it mentioned something regarding “trust” after setting it up but didn’t take much notice until I realized it accepts any password.

In pg_hba.conf it adds all local connections to be trusted which means connecting from the same host doesn’t need to authenticate.

host    all             all               trust

If you don’t like that just change it to another method, for example md5.