diff --git a/services/web/test/acceptance/config/settings.test.defaults.js b/services/web/test/acceptance/config/settings.test.defaults.js
index a65a02d1ab..da0c909e99 100644
--- a/services/web/test/acceptance/config/settings.test.defaults.js
+++ b/services/web/test/acceptance/config/settings.test.defaults.js
@@ -35,7 +35,7 @@ module.exports = {
     },
 
     haveIBeenPwned: {
-      enabled: true,
+      enabled: false,
       url: 'http://localhost:1337',
     },
   },
diff --git a/services/web/test/acceptance/src/HaveIBeenPwnedApiTests.js b/services/web/test/acceptance/src/HaveIBeenPwnedApiTests.js
index d65c2aa807..a0dee05d3c 100644
--- a/services/web/test/acceptance/src/HaveIBeenPwnedApiTests.js
+++ b/services/web/test/acceptance/src/HaveIBeenPwnedApiTests.js
@@ -1,3 +1,4 @@
+const Settings = require('@overleaf/settings')
 const { expect } = require('chai')
 const User = require('./helpers/User').promises
 const MockHaveIBeenPwnedApiClass = require('./mocks/MockHaveIBeenPwnedApi')
@@ -60,6 +61,13 @@ async function resetPassword(password) {
 }
 
 describe('HaveIBeenPwnedApi', function () {
+  before(function () {
+    Settings.apis.haveIBeenPwned.enabled = true
+  })
+  after(function () {
+    Settings.apis.haveIBeenPwned.enabled = false
+  })
+
   describe('login with weak password', function () {
     beforeEach(function () {
       user = new User()