diff --git a/lib/passport-http/strategies/basic.js b/lib/passport-http/strategies/basic.js
index a1f251c..6e0cbb3 100644
--- a/lib/passport-http/strategies/basic.js
+++ b/lib/passport-http/strategies/basic.js
@@ -72,7 +72,7 @@ BasicStrategy.prototype.authenticate = function(req) {
 if (parts.length < 2) { return this.fail(400); }
 var scheme = parts[0]
- , credentials = new Buffer(parts[1], 'base64').toString().split(':');
+ , credentials = new Buffer(parts[1], 'base64').toString().split(/:(.*)/);
 if (!/Basic/i.test(scheme)) { return this.fail(this._challenge()); }
 if (credentials.length < 2) { return this.fail(400); }
diff --git a/test/strategies/basic-test.js b/test/strategies/basic-test.js
index 6a5b453..8afca8c 100644
--- a/test/strategies/basic-test.js
+++ b/test/strategies/basic-test.js
@@ -440,4 +440,40 @@ vows.describe('BasicStrategy').addBatch({
 },
 },
+ 'strategy handling a request containing a colon in the password': {
+ topic: function() {
+ var strategy = new BasicStrategy(function(userid, password, done) {
+ done(null, { username: userid, password: password });
+ });
+ return strategy;
+ },
+
+ 'after augmenting with actions': {
+ topic: function(strategy) {
+ var self = this;
+ var req = {};
+ strategy.success = function(user) {
+ self.callback(null, user);
+ }
+ strategy.fail = function() {
+ self.callback(new Error('should not be called'));
+ }
+
+ req.headers = {};
+ req.headers.authorization = 'Basic Ym9iOnNlY3JldDpwYXNzd29yZA==';
+ process.nextTick(function () {
+ strategy.authenticate(req);
+ });
+ },
+
+ 'should not generate an error' : function(err, user) {
+ assert.isNull(err);
+ },
+ 'should authenticate' : function(err, user) {
+ assert.equal(user.username, 'bob');
+ assert.equal(user.password, 'secret:password');
+ },
+ },
+ },
+
 }).export(module);
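Review bot: The capture group in `.split(/:(.*)/)` uses `.`, which does not match line terminators, so a decoded credential string whose password contains a line break is cut at that character and the remainder lands in a third array element that the visible checks never look at. Assuming the password is read from `credentials[1]` further down (outside this hunk, but consistent with the added test), two different passwords would reach the verify callback as the same value. Either capture everything after the first colon, `.split(/:([\s\S]*)/)`, or reject decoded credentials containing control characters with `this.fail(400)` before splitting. The body of `authenticate` starts and ends outside the hunk.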
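Review bot: The added batch covers only one input shape, a password with a single embedded colon, so the boundary cases of a regex-based split are left unpinned. Sibling cases for an empty password (`bob:`), a password that ends in a colon, and a password containing a line break would each fix the exact `password` value (or the intended `fail` status) that the strategy produces. The `fail` stub also drops its argument; `strategy.fail = function(status) { self.callback(new Error('should not be called: ' + status)); }` would make a regression easier to diagnose. The enclosing `addBatch({` object starts outside the hunk.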