OK so I started without a secure OTA password when I was just playing around with esphome. I want to tighten up.
If I change the ota password in the yaml file, how will I be able to update? I assume esphome will try to use the new password, which will fail because it has changed? I could use serial/usb I suppose, but there must be a better way.
I could be wrong but I think from memory that the password is actually requested from you by the ESPhome GUI when you try to send an OTA update. So it asks you for the password which you have to type in manually which it will then check against what is stored in its file. When you try to send the update there will be no request for a password since it was previously blank, but then going forward you would need to enter whatever password you put in the new yaml file
I have never had the GUI aks me for the password - I did have one set, but it was a silly password.
Upon digging into the config, OttoWinter has it covered already, as you’d expect!
ah cool. yeah, I wasn’t sure if I was talking $#!t or not… seems I was 
I think (after my reading tonight) that you are referring to a password for the web dashboard - https://esphome.io/guides/cli.html#dashboard-command
So you weren’t entirely talking $#!t