diff --git a/helpers.lua b/helpers.lua
index 23f0446..26d654b 100644
--- a/helpers.lua
+++ b/helpers.lua
@@ -276,7 +276,7 @@ function validate_or_clear_basic_auth_header_provided_by_client()
 
     -- Try to authenticate the user,
     -- or remove the Auth header if not valid
-    _, _, user, password = string.find(ngx.decode_base64(b64_cred), "^(.+):(.+)$")
+    _, _, user, password = string.find(ngx.decode_base64(b64_cred), "^([^:]+):(.+)$")
     user = authenticate(user, password)
     if user then
         logger.debug("User got authenticated through basic auth")