diff --git a/js/modules/link_previews.js b/js/modules/link_previews.js
index 22ceeca317..6dd0b49b5d 100644
--- a/js/modules/link_previews.js
+++ b/js/modules/link_previews.js
@@ -117,7 +117,7 @@ function isLinkSneaky(href) {
   }
 
   // Any links which contain auth are considered sneaky
-  if (url.username) {
+  if (url.username || url.password) {
     return true;
   }
 
diff --git a/test/modules/link_previews_test.js b/test/modules/link_previews_test.js
index d655d1b6a9..738787b7aa 100644
--- a/test/modules/link_previews_test.js
+++ b/test/modules/link_previews_test.js
@@ -148,6 +148,8 @@ describe('Link previews', () => {
     describe('auth', () => {
       it('returns true for hrefs with auth (or pretend auth)', () => {
         assert.isTrue(isLinkSneaky('https://user:pass@example.com'));
+        assert.isTrue(isLinkSneaky('https://user:@example.com'));
+        assert.isTrue(isLinkSneaky('https://:pass@example.com'));
         assert.isTrue(
           isLinkSneaky('http://whatever.com&login=someuser@77777777')
         );