diff --git a/jira-ruby.gemspec b/jira-ruby.gemspec
index 03a7fdd8..70ce734b 100644
--- a/jira-ruby.gemspec
+++ b/jira-ruby.gemspec
@@ -31,5 +31,5 @@ Gem::Specification.new do |s|
   s.add_development_dependency 'railties'
   s.add_development_dependency 'rake', '~> 13.2', '>= 13.2.1'
   s.add_development_dependency 'rspec', '~> 3.0', '>= 3.13'
-  s.add_development_dependency 'webmock', '~> 1.18', '>= 1.18.0'
+  s.add_development_dependency 'webmock', '~> 3.23', '>= 3.23.0'
 end
diff --git a/spec/jira/client_spec.rb b/spec/jira/client_spec.rb
index fd5b78ef..dfd04948 100644
--- a/spec/jira/client_spec.rb
+++ b/spec/jira/client_spec.rb
@@ -140,10 +140,12 @@
     subject { JIRA::Client.new(username: 'foo', password: 'bar', auth_type: :basic) }
 
     before(:each) do
-      stub_request(:get, 'https://foo:bar@localhost:2990/jira/rest/api/2/project')
+      stub_request(:get, 'https://localhost:2990/jira/rest/api/2/project')
+        .with(headers: { 'Authorization' => "Basic #{Base64.strict_encode64('foo:bar').chomp}" })
         .to_return(status: 200, body: '[]', headers: {})
 
-      stub_request(:get, 'https://foo:badpassword@localhost:2990/jira/rest/api/2/project')
+      stub_request(:get, 'https://localhost:2990/jira/rest/api/2/project')
+      .with(headers: { 'Authorization' => "Basic #{Base64.strict_encode64('foo:badpassword').chomp}" })
         .to_return(status: 401, headers: {})
     end
 
@@ -157,17 +159,17 @@
       expect(subject.options[:password]).to eq('bar')
     end
 
+    it 'only returns a true for #authenticated? once we have requested some data' do
+      expect(subject.authenticated?).to be_nil
+      expect(subject.Project.all).to be_empty
+      expect(subject.authenticated?).to be_truthy
+    end
+
     it 'fails with wrong user name and password' do
       bad_login = JIRA::Client.new(username: 'foo', password: 'badpassword', auth_type: :basic)
       expect(bad_login.authenticated?).to be_falsey
       expect { bad_login.Project.all }.to raise_error JIRA::HTTPError
     end
-
-    it 'only returns a true for #authenticated? once we have requested some data' do
-      expect(subject.authenticated?).to be_falsey
-      expect(subject.Project.all).to be_empty
-      expect(subject.authenticated?).to be_truthy
-    end
   end
 
   context 'with cookie authentication' do
diff --git a/spec/support/clients_helper.rb b/spec/support/clients_helper.rb
index a9df0477..c022b0fe 100644
--- a/spec/support/clients_helper.rb
+++ b/spec/support/clients_helper.rb
@@ -7,7 +7,7 @@ def with_each_client
     clients['http://localhost:2990'] = oauth_client
 
     basic_client = JIRA::Client.new(username: 'foo', password: 'bar', auth_type: :basic, use_ssl: false)
-    clients['http://foo:bar@localhost:2990'] = basic_client
+    clients['http://localhost:2990'] = basic_client
 
     clients.each do |site_url, client|
       yield site_url, client