diff --git a/carddav/client.go b/carddav/client.go
index 3c8531a..74327d8 100644
--- a/carddav/client.go
+++ b/carddav/client.go
@@ -28,6 +28,11 @@ func NewClient(c *http.Client, endpoint string) (*Client, error) {
 	return &Client{wc, ic}, nil
 }
 
+func (c *Client) SetBasicAuth(username, password string) {
+	c.Client.SetBasicAuth(username, password)
+	c.ic.SetBasicAuth(username, password)
+}
+
 func (c *Client) FindAddressBookHomeSet(principal string) (string, error) {
 	name := xml.Name{namespace, "addressbook-home-set"}
 	propfind := internal.NewPropNamePropfind(name)
diff --git a/client.go b/client.go
index 488f41f..38e5f4a 100644
--- a/client.go
+++ b/client.go
@@ -19,6 +19,10 @@ func NewClient(c *http.Client, endpoint string) (*Client, error) {
 	return &Client{ic}, nil
 }
 
+func (c *Client) SetBasicAuth(username, password string) {
+	c.c.SetBasicAuth(username, password)
+}
+
 func (c *Client) FindCurrentUserPrincipal() (string, error) {
 	name := xml.Name{"DAV:", "current-user-principal"}
 	propfind := internal.NewPropNamePropfind(name)
diff --git a/internal/client.go b/internal/client.go
index 442d699..d270a54 100644
--- a/internal/client.go
+++ b/internal/client.go
@@ -52,8 +52,10 @@ func (d Depth) String() string {
 }
 
 type Client struct {
-	http     *http.Client
-	endpoint *url.URL
+	http               *http.Client
+	endpoint           *url.URL
+	username, password string
+	insecure           bool
 }
 
 func NewClient(c *http.Client, endpoint string) (*Client, error) {
@@ -65,7 +67,12 @@ func NewClient(c *http.Client, endpoint string) (*Client, error) {
 	if err != nil {
 		return nil, err
 	}
-	return &Client{c, u}, nil
+	return &Client{http: c, endpoint: u}, nil
+}
+
+func (c *Client) SetBasicAuth(username, password string) {
+	c.username = username
+	c.password = password
 }
 
 func (c *Client) NewRequest(method string, href string, body io.Reader) (*http.Request, error) {
@@ -96,8 +103,9 @@ func (c *Client) NewXMLRequest(method string, href string, v interface{}) (*http
 }
 
 func (c *Client) Do(req *http.Request) (*http.Response, error) {
-	// TODO: remove this quirk
-	req.SetBasicAuth("emersion", "")
+	if c.username != "" || c.password != "" {
+		req.SetBasicAuth(c.username, c.password)
+	}
 	return c.http.Do(req)
 }