diff --git a/detect_secrets/plugins/basic_auth.py b/detect_secrets/plugins/basic_auth.py
index eda4afb20..ff0b46e57 100644
--- a/detect_secrets/plugins/basic_auth.py
+++ b/detect_secrets/plugins/basic_auth.py
@@ -6,8 +6,12 @@ from detect_secrets.core.potential_secret import PotentialSecret
+SPECIAL_URL_CHARACTERS = ':/?#[]@'
 BASIC_AUTH_REGEX = re.compile(
- r'://[^:]+:([^@]+)@',
+ r'://[^{}\s]+:([^{}\s]+)@'.format(
+ re.escape(SPECIAL_URL_CHARACTERS),
+ re.escape(SPECIAL_URL_CHARACTERS),
+ ),
 )
diff --git a/tests/plugins/basic_auth_test.py b/tests/plugins/basic_auth_test.py
index dbf3c4496..1477fcc75 100644
--- a/tests/plugins/basic_auth_test.py
+++ b/tests/plugins/basic_auth_test.py
@@ -11,6 +11,7 @@ class TestBasicAuthDetector(object):
 'payload, should_flag',
 [
 ('https://username:password@yelp.com', True,),
+ ('http://localhost:5000/<%= @variable %>', False,),
 ],
 )
 def test_analyze_string(self, payload, should_flag):
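Review bot: The capture group in the new `BASIC_AUTH_REGEX` excludes `:`, `/`, `?`, `#`, `[` and `]`, so a credential whose password contains one of these characters unencoded is no longer reported; a literal `:` is legal in URL userinfo, so this is a silent miss for a secret scanner. Consider keeping `:` allowed in the password group only, e.g. `r'://[^{0}\s]+:([^{1}\s]+)@'.format(re.escape(SPECIAL_URL_CHARACTERS), re.escape(SPECIAL_URL_CHARACTERS.replace(':', '')))`. The `localhost:5000/...` case would still not match, because `/` stays excluded. A comment above the constant such as `# RFC 3986 gen-delims: these delimit URL components, so they are excluded from the userinfo match` would record why these characters were chosen and the trade-off.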
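Review bot: The added parametrized case covers only the false positive, so nothing pins what the narrower pattern must still flag. Adding a positive case next to it, for example a percent-encoded password such as `('https://username:pass%40word@yelp.com', True,),` (constructed sample), would guard against over-tightening. An explicit case for a password containing a raw reserved character, with its expected outcome, would make the detection boundary visible to future changes. The parametrize decorator and `test_analyze_string` both extend outside the hunk.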