diff --git a/libraries/ESP8266WebServer/src/ESP8266WebServer-impl.h b/libraries/ESP8266WebServer/src/ESP8266WebServer-impl.h
index 6ae7b77938..6ffdbbd3b6 100644
--- a/libraries/ESP8266WebServer/src/ESP8266WebServer-impl.h
+++ b/libraries/ESP8266WebServer/src/ESP8266WebServer-impl.h
@@ -102,31 +102,31 @@ bool ESP8266WebServerTemplate::authenticate(const char * username, c
 if(authReq.startsWith(F("Basic"))){
 authReq = authReq.substring(6);
 authReq.trim();
- char toencodeLen = strlen(username)+strlen(password)+1;
- char *toencode = new (std::nothrow) char[toencodeLen + 1];
- if(toencode == NULL){
- authReq = "";
+
+ const size_t username_len = strlen(username);
+ const size_t password_len = strlen(password);
+
+ String raw;
+ raw.reserve(username_len + password_len + 1);
+ raw.concat(username, username_len);
+ raw += ':';
+ raw.concat(password, password_len);
+ if(!raw.length()) {
 return false;
 }
- sprintf(toencode, "%s:%s", username, password);
- String encoded = base64::encode((uint8_t *)toencode, toencodeLen, false);
- if(!encoded){
- authReq = "";
- delete[] toencode;
+
+ String encoded = base64::encode(raw, false);
+ if(!encoded.length()){
 return false;
 }
 if(authReq.equalsConstantTime(encoded)) {
- authReq = "";
- delete[] toencode;
 return true;
 }
- delete[] toencode;
 } else if(authReq.startsWith(F("Digest"))) {
 String _realm = _extractParam(authReq, F("realm=\""));
- String _H1 = credentialHash((String)username,_realm,(String)password);
- return authenticateDigest((String)username,_H1);
+ String _H1 = credentialHash(username,_realm,password);
+ return authenticateDigest(username,_H1);
 }
- authReq = "";
 }
 return false;
 }
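Review bot: The new `if(!raw.length())` guard only rejects a completely empty buffer, so a partially built `raw` passes it: the results of `raw.reserve(...)` and both `raw.concat(...)` calls are ignored, and if an allocation fails part-way (presumably what the removed `toencode == NULL` check guarded against) a truncated credential string would be Base64-encoded and compared with the client-supplied value, letting the check fail open under memory pressure. Comparing against the expected size closes this, e.g. `if(raw.length() != username_len + password_len + 1) { return false; }`. The `!encoded.length()` test has the same shape; what `base64::encode` returns on failure is not visible here, so it is worth confirming that a failure value can never equal a header a client could send. `authenticate()` begins above the hunk, so where `authReq` comes from was not reviewed.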