diff --git a/auth/credential_store_test.go b/auth/credential_store_test.go
index 8590ab19..4352c825 100644
--- a/auth/credential_store_test.go
+++ b/auth/credential_store_test.go
@@ -286,6 +286,9 @@ func Test_AuthPermsAA(t *testing.T) {
 	if !store.AA("username2", "password2", "baz") {
 		t.Fatalf("username2 not authenticated and authorized for baz")
 	}
+	if store.AA("username2", "password1", "baz") {
+		t.Fatalf("username2 authenticated and authorized for baz with wrong password")
+	}
 	if !store.AA("username2", "password2", "qux") {
 		t.Fatalf("username2 not authenticated and authorized for qux")
 	}
@@ -297,76 +300,6 @@ func Test_AuthPermsAA(t *testing.T) {
 	}
 }
 
-func Test_AuthLoadHashedSingleRequest(t *testing.T) {
-	const jsonStream = `
-		[
-			{
-				"username": "username1",
-				"password": "password1"
-			},
-			{	"username": "username2",
-				"password": "password2"
-			}
-		]
-	`
-
-	store := NewCredentialsStore()
-	if err := store.Load(strings.NewReader(jsonStream)); err != nil {
-		t.Fatalf("failed to load multiple credentials: %s", err.Error())
-	}
-
-	b1 := &testBasicAuther{
-		username: "username1",
-		password: "password1",
-		ok:       true,
-	}
-	b2 := &testBasicAuther{
-		username: "username2",
-		password: "password2",
-		ok:       true,
-	}
-
-	b3 := &testBasicAuther{
-		username: "username1",
-		password: "wrong",
-		ok:       true,
-	}
-	b4 := &testBasicAuther{
-		username: "username2",
-		password: "wrong",
-		ok:       true,
-	}
-	b5 := &testBasicAuther{
-		username: "username1",
-		password: "password2",
-		ok:       true,
-	}
-	b6 := &testBasicAuther{
-		username: "username2",
-		password: "password1",
-		ok:       true,
-	}
-
-	if check := store.CheckRequest(b1); !check {
-		t.Fatalf("username1 (b1) credential not checked correctly via request")
-	}
-	if check := store.CheckRequest(b2); !check {
-		t.Fatalf("username2 (b2) credential not checked correctly via request")
-	}
-	if check := store.CheckRequest(b3); check {
-		t.Fatalf("username1 (b3) credential not checked correctly via request")
-	}
-	if check := store.CheckRequest(b4); check {
-		t.Fatalf("username2 (b4) credential not checked correctly via request")
-	}
-	if check := store.CheckRequest(b5); check {
-		t.Fatalf("username2 (b5) credential not checked correctly via request")
-	}
-	if check := store.CheckRequest(b6); check {
-		t.Fatalf("username2 (b5) credential not checked correctly via request")
-	}
-}
-
 func Test_AuthPermsRequestLoadSingle(t *testing.T) {
 	const jsonStream = `
 		[