When connecting to the database with the postgres user I realized it accepts any password or no password even though the user has a password set. I don’t know if this happens also when using the installer to install PostgreSQL, in my case I used initdb to set it up. I remember it mentioned something regarding “trust” after setting it up but didn’t take much notice until I realized it accepts any password.

In pg_hba.conf it adds all local connections to be trusted which means connecting from the same host doesn’t need to authenticate.

host    all             all             127.0.0.1/32            trust

If you don’t like that just change it to another method, for example md5.