diff --git a/docs/API.md b/docs/API.md index 1c23e210..618ba490 100644 --- a/docs/API.md +++ b/docs/API.md @@ -159,10 +159,10 @@ Logging out is not supported by design. If an application needs to change the us ### Authentication -The server comes with three authentication methods out of the box: `basic`, `token`, and `anon`: +The server comes with three authentication methods out of the box: `basic`, `token`, and `anonymous`: * `basic` provides authentication by a login-password pair. * `token` provides authentication by a cryptographic token. - * `anon` is "anonymous authentication" designed for cases where users are temporary, such as handling customer support requests through chat. + * `anonymous` is designed for cases where users are temporary, such as handling customer support requests through chat. Any other authentication method can be implemented using plugins. 
@@ -172,9 +172,9 @@ Authenticators are used during account registration [`{acc}`](#acc) and during [ #### Creating an Account -When a new account is created, the user must inform the server which authentication method will be later used to gain access to this account as well as provide shared secret, if appropriate. Only `basic` and `anon` can be used during account creation. The `basic` requires the user to generate and send a unique login and password to the server. The `anon` does not exchange secrets. +When a new account is created, the user must inform the server which authentication method will be later used to gain access to this account as well as provide shared secret, if appropriate. Only `basic` and `anonymous` can be used during account creation. The `basic` requires the user to generate and send a unique login and password to the server. The `anonymous` does not exchange secrets. -User may optionally set `{acc login=true}` to use the new account for immediate authentication. When `login=false` (or not set), the new account is created but the authentication status of the session which created the account remains unchanged. When `login=true` the server will attempt to authenticate the session with the new account, the response to the `{acc}` request will contain the authentication token on success. This is particularly important for the `anon` authentication. +User may optionally set `{acc login=true}` to use the new account for immediate authentication. When `login=false` (or not set), the new account is created but the authentication status of the session which created the account remains unchanged. When `login=true` the server will attempt to authenticate the session with the new account, the response to the `{acc}` request will contain the authentication token on success. This is particularly important for the `anonymous` authentication. #### Logging in 
@@ -581,7 +581,7 @@ acc: { Server responds with a `{ctrl}` message with `params` containing details of the new user. If `desc.defacs` is missing, server will assign server-default access values. -The only supported authentication schemes for account creation are `basic` and `anon`. +The only supported authentication schemes for account creation are `basic` and `anonymous`. #### `{login}` @@ -605,7 +605,7 @@ login: { ``` The `basic` authentication scheme expects `secret` to be a base64-encoded string of a string composed of a user name followed by a colon `:` followed by a plan text password. User name in the `basic` scheme must not contain colon character ':' (ASCII 0x3A). The `token` expects secret to be a previously obtained security token. -The only supported authentication schemes are `basic` and `token`. Although `anon` scheme can be used to create accounts, it cannot be used for logging in. A scheme `reset` can be used for password reset. +The only supported authentication schemes are `basic` and `token`. Although `anonymous` scheme can be used to create accounts, it cannot be used for logging in. A scheme `reset` can be used for password reset. Server responds to a `{login}` packet with a `{ctrl}` message. The `params` of the message contains the id of the logged in user as `user`. The `token` contains an encrypted string which can be used for authentication. Expiration time of the token is passed as `expires`. diff --git a/pbx/py_fix.py b/pbx/py_fix.py index 274209cb..2a370bb1 100644 --- a/pbx/py_fix.py +++ b/pbx/py_fix.py @@ -4,8 +4,8 @@ model_pb2_grpc = "../py_grpc/tinode_grpc/model_pb2_grpc.py" with open(model_pb2_grpc, "r") as fh: - content = fh.read().replace("import model_pb2 as model__pb2", - "from . import model_pb2 as model__pb2") + content = fh.read().replace("\nimport model_pb2 as model__pb2", + "\nfrom . import model_pb2 as model__pb2") with open(model_pb2_grpc,"w") as fh: fh.write(content) 
diff --git a/server/auth/anon/auth_anon.go b/server/auth/anon/auth_anon.go index bf671bfc..52ca4122 100644 --- a/server/auth/anon/auth_anon.go +++ b/server/auth/anon/auth_anon.go @@ -18,8 +18,12 @@ func (AnonAuth) Init(unused string) error { return nil } -// AddRecord is a noop. Just report success. +// AddRecord checks authLevel and assigns default LevelAnon. Otherwise it +// just reports success. func (AnonAuth) AddRecord(rec *auth.Rec, secret []byte) (*auth.Rec, error) { + if rec.AuthLevel == auth.LevelNone { + rec.AuthLevel = auth.LevelAnon + } return rec, nil } diff --git a/tn-cli/tn-cli.py b/tn-cli/tn-cli.py index 19462d0c..e568283f 100644 --- a/tn-cli/tn-cli.py +++ b/tn-cli/tn-cli.py @@ -26,7 +26,7 @@ from tinode_grpc import pb from tinode_grpc import pbx APP_NAME = "tn-cli" -APP_VERSION = "0.15" +APP_VERSION = "1.0.0" LIB_VERSION = pkg_resources.get_distribution("tinode_grpc").version # Dictionary wich contains lambdas to be executed when server response is received @@ -114,10 +114,13 @@ def accMsg(id, user, scheme, secret, uname, password, do_login, fn, photo, priva if password == None: password = '' secret = str(uname) + ":" + str(password) - if secret != None: - secret=secret.encode('utf-8') - public = encode_to_bytes(make_vcard(fn, photo)) - private = encode_to_bytes(private) + if secret: + secret = secret.encode('utf-8') + else: + secret = b'' + print(default_user) + public = encode_to_bytes(make_vcard(fn, photo)) if (fn or photo) else None + private = encode_to_bytes(private) if private else None return pb.ClientMsg(acc=pb.ClientAcc(id=str(id), user_id=user, scheme=scheme, secret=secret, login=do_login, tags=tags.split(",") if tags else None, desc=pb.SetDesc(default_acs=pb.DefaultAcsMode(auth=auth, anon=anon),
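Review bot: in docs/API.md (hunk at -159, Authentication), the scheme is renamed from `anon` to `anonymous` in the documentation, but nothing in this patch shows the server registering the authenticator under the new name, and the package path stays `server/auth/anon`. Confirm that the server accepts `anonymous` in `{acc}`, state whether `anon` is kept as an alias for existing clients, and make clear that the `anon` field of the default access modes (`DefaultAcsMode(auth=auth, anon=anon)` in tn-cli) is a separate identifier that is not being renamed.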
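Review bot: in docs/API.md (hunk at -172, the `login=true` paragraph), the closing sentence "This is particularly important for the `anonymous` authentication" does not say why. The `{login}` section of the same file states that `anonymous` cannot be used for logging in, so the token returned by `{acc login=true}` is the only credential such an account receives; suggest stating that explicitly, along with what happens to an anonymous account created with `login=false`.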
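Review bot: in docs/API.md (hunk at -605, `{login}`), the context line above the change still reads "plan text password", which should be "plain text password", and is worth fixing while this paragraph is being touched. The changed line also says the only supported schemes are `basic` and `token` and then introduces `reset` as a usable scheme; suggest rewording so the list of accepted schemes is consistent, and "a base64-encoded string of a string" could be tightened to "the base64 encoding of a string".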
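Review bot: in pbx/py_fix.py, the `replace` call still fails silently: if the generated file does not contain `\nimport model_pb2 as model__pb2` (for example because the generator output changes, or the import ends up on the first line), the script rewrites the file unchanged and exits successfully. The leading `\n` does stop the pattern from matching inside an already fixed `from . import model_pb2 as model__pb2` line, which is good; suggest also checking that the content actually changed (or already contains the relative import) and exiting non-zero otherwise, so a broken package is caught at build time.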
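Review bot: in server/auth/anon/auth_anon.go, `AddRecord` only assigns `auth.LevelAnon` when `rec.AuthLevel == auth.LevelNone`, so a record that arrives with any other level passes through the anonymous authenticator unchanged and is reported as success. Since this scheme exchanges no secret, it should not be able to produce a record above `LevelAnon`: either set `rec.AuthLevel = auth.LevelAnon` unconditionally or return an error when a higher level is requested. The new comment is also misleading ("Otherwise it just reports success" when success is always returned) and refers to `authLevel` rather than the field name `AuthLevel`.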
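Review bot: in tn-cli/tn-cli.py (`accMsg` hunk), `print(default_user)` looks like leftover debug output: `default_user` is not among the parameters visible in the `accMsg` signature, and printing it on every account creation writes a user identifier to stdout. Suggest removing the line. Separately, `if secret:` now maps both `None` and an empty string to `b''`, and `public`/`private` become `None` when empty; a short comment saying this is what lets `anonymous` accounts be created without a secret or vCard would help the next reader.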