diff --git a/services/sync/tests/unit/head_helpers.js b/services/sync/tests/unit/head_helpers.js index f3e0d16da2e..d6ed5735573 100644 --- a/services/sync/tests/unit/head_helpers.js +++ b/services/sync/tests/unit/head_helpers.js @@ -402,3 +402,11 @@ function encryptPayload(cleartext) { hmac: Utils.sha256HMAC(cleartext, Utils.makeHMACKey(""))}; } +function basic_auth_header(user, password) { + return "Basic " + btoa(user + ":" + Utils.encodeUTF8(password)); +} + +function basic_auth_matches(req, user, password) { + return req.hasHeader("Authorization") && + (req.getHeader("Authorization") == basic_auth_header(user, password)); +} diff --git a/services/sync/tests/unit/head_http_server.js b/services/sync/tests/unit/head_http_server.js index 5e3c1c15415..3669e2ae0ca 100644 --- a/services/sync/tests/unit/head_http_server.js +++ b/services/sync/tests/unit/head_http_server.js @@ -22,9 +22,7 @@ function httpd_handler(statusCode, status, body) { } function httpd_basic_auth_handler(body, metadata, response) { - // no btoa() in xpcshell. it's guest:guest - if (metadata.hasHeader("Authorization") && - metadata.getHeader("Authorization") == "Basic Z3Vlc3Q6Z3Vlc3Q=") { + if (basic_auth_matches(metadata, "guest", "guest")) { response.setStatusLine(metadata.httpVersion, 200, "OK, authorized"); response.setHeader("WWW-Authenticate", 'Basic realm="secret"', false); } else { diff --git a/services/sync/tests/unit/test_auth_manager.js b/services/sync/tests/unit/test_auth_manager.js index f31772fe8d5..f042e7eaee3 100644 --- a/services/sync/tests/unit/test_auth_manager.js +++ b/services/sync/tests/unit/test_auth_manager.js 
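Review bot: `basic_auth_header` in head_helpers.js UTF-8-encodes only the password, and `user` reaches `btoa()` unencoded, so the helper silently assumes usernames stay within Latin-1 and nothing in the hunk records that. A comment above it such as `// Expected Basic auth header value; the password is UTF-8 encoded first, user is assumed to be ASCII.` would make the contract explicit. The comments removed elsewhere in this commit say xpcshell has no `btoa()`, and the hunk does not show where it now comes from, so it is worth confirming it is defined for every test that loads this head file. In `basic_auth_matches` the comparison could use `===`, since both operands are strings.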
@@ -7,16 +7,19 @@ let logger; function server_handler(metadata, response) { let body, statusCode, status; + let guestHeader = basic_auth_header("guest", "guest"); + let johnHeader = basic_auth_header("johndoe", "moneyislike$£¥"); + _("Guest header: " + guestHeader); + _("John header: " + johnHeader); + switch (metadata.getHeader("Authorization")) { - // guest:guest - case "Basic Z3Vlc3Q6Z3Vlc3Q=": + case guestHeader: body = "This path exists and is protected"; statusCode = 200; status = "OK"; break; - // johndoe:moneyislike$\u20ac\xa5\u5143 - case "Basic am9obmRvZTptb25leWlzbGlrZSTigqzCpeWFgw==": + case johnHeader: body = "This path exists and is protected by a UTF8 password"; statusCode = 200; status = "OK"; @@ -33,20 +36,20 @@ function server_handler(metadata, response) { } function run_test() { -do_test_pending(); - logger = Log4Moz.repository.getLogger('Test'); - Log4Moz.repository.rootLogger.addAppender(new Log4Moz.DumpAppender()); + initTestLogging("Trace"); + do_test_pending(); let server = new nsHttpServer(); server.registerPathHandler("/foo", server_handler); server.registerPathHandler("/bar", server_handler); server.start(8080); - let auth = new BasicAuthenticator(new Identity("secret", "guest", "guest")); - let auth2 = new BasicAuthenticator( - new Identity("secret2", "johndoe", "moneyislike$\u20ac\xa5\u5143")); - Auth.defaultAuthenticator = auth; - Auth.registerAuthenticator("bar$", auth2); + let guestIdentity = new Identity("secret", "guest", "guest"); + let johnIdentity = new Identity("secret2", "johndoe", "moneyislike$£¥") + let guestAuth = new BasicAuthenticator(guestIdentity); + let johnAuth = new BasicAuthenticator(johnIdentity); + Auth.defaultAuthenticator = guestAuth; + Auth.registerAuthenticator("bar$", johnAuth); try { let content = new Resource("http://localhost:8080/foo").get(); diff --git a/services/sync/tests/unit/test_resource.js b/services/sync/tests/unit/test_resource.js index 8c617fb9869..d6fa5592c60 100644 
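Review bot: Building `guestHeader` and `johnHeader` with `basic_auth_header` means the expected value for the UTF-8 case now comes from `Utils.encodeUTF8`, presumably the same routine the authenticator under test uses, so a regression in that encoding would shift both sides and `case johnHeader:` would still match. The removed base64 literal was an independent check; keeping one precomputed value for the non-ASCII credential alongside the computed one preserves that. The new password `"moneyislike$£¥"`, as it appears on this page, contains only characters below U+0100 and is written as raw non-ASCII in the source, whereas the old one used `\u20ac` and `\u5143` escapes; the same replacement occurs in test_service_changePassword.js and test_service_createAccount.js. If the wider characters were dropped on purpose that deserves a comment, otherwise `\u` escapes keep the test independent of how the harness decodes the file.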
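Review bot: In the second test_auth_manager.js hunk, `let johnIdentity = new Identity("secret2", "johndoe", "moneyislike$£¥")` has no terminating semicolon, unlike every other statement around it; add it rather than relying on ASI. The same user and password are spelled out a second time in `server_handler`, so hoisting them into file-level constants would keep the client identity and the expected header from drifting apart. run_test continues past the end of the hunk.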
--- a/services/sync/tests/unit/test_resource.js +++ b/services/sync/tests/unit/test_resource.js @@ -21,9 +21,7 @@ function server_open(metadata, response) { function server_protected(metadata, response) { let body; - // no btoa() in xpcshell. it's guest:guest - if (metadata.hasHeader("Authorization") && - metadata.getHeader("Authorization") == "Basic Z3Vlc3Q6Z3Vlc3Q=") { + if (basic_auth_matches(metadata, "guest", "guest")) { body = "This path exists and is protected"; response.setStatusLine(metadata.httpVersion, 200, "OK, authorized"); response.setHeader("WWW-Authenticate", 'Basic realm="secret"', false); diff --git a/services/sync/tests/unit/test_resource_async.js b/services/sync/tests/unit/test_resource_async.js index 94236a2a65e..3bc72c96b42 100644 --- a/services/sync/tests/unit/test_resource_async.js +++ b/services/sync/tests/unit/test_resource_async.js @@ -21,9 +21,7 @@ function server_open(metadata, response) { function server_protected(metadata, response) { let body; - // no btoa() in xpcshell. it's guest:guest - if (metadata.hasHeader("Authorization") && - metadata.getHeader("Authorization") == "Basic Z3Vlc3Q6Z3Vlc3Q=") { + if (basic_auth_matches(metadata, "guest", "guest")) { body = "This path exists and is protected"; response.setStatusLine(metadata.httpVersion, 200, "OK, authorized"); response.setHeader("WWW-Authenticate", 'Basic realm="secret"', false); diff --git a/services/sync/tests/unit/test_service_changePassword.js b/services/sync/tests/unit/test_service_changePassword.js index 38a0e845099..8555a5c63cc 100644 --- a/services/sync/tests/unit/test_service_changePassword.js +++ b/services/sync/tests/unit/test_service_changePassword.js 
@@ -43,10 +43,11 @@ function run_test() { do_check_eq(logins[0].password, "ILoveJane83"); _("A non-ASCII password is UTF-8 encoded."); - res = Weave.Service.changePassword("moneyislike$\u20ac\xa5\u5143"); + const moneyPassword = "moneyislike$£¥"; + res = Weave.Service.changePassword(moneyPassword); do_check_true(res); - do_check_eq(Weave.Service.password, "moneyislike$\u20ac\xa5\u5143"); - do_check_eq(requestBody, Utils.encodeUTF8("moneyislike$\u20ac\xa5\u5143")); + do_check_eq(Weave.Service.password, moneyPassword); + do_check_eq(requestBody, Utils.encodeUTF8(moneyPassword)); _("changePassword() returns false for a server error, the password won't change."); Weave.Svc.Login.removeAllLogins(); diff --git a/services/sync/tests/unit/test_service_createAccount.js b/services/sync/tests/unit/test_service_createAccount.js index b8cee9095e7..7cb18ce66a4 100644 --- a/services/sync/tests/unit/test_service_createAccount.js +++ b/services/sync/tests/unit/test_service_createAccount.js @@ -39,12 +39,12 @@ function run_test() { do_check_eq(payload["captcha-response"], "response"); _("A non-ASCII password is UTF-8 encoded."); - res = Service.createAccount("john@doe.com", "moneyislike$\u20ac\xa5\u5143", + const moneyPassword = "moneyislike$£¥"; + res = Service.createAccount("john@doe.com", moneyPassword, "challenge", "response"); do_check_eq(res, null); payload = JSON.parse(requestBody); - do_check_eq(payload.password, - Utils.encodeUTF8("moneyislike$\u20ac\xa5\u5143")); + do_check_eq(payload.password, Utils.encodeUTF8(moneyPassword)); _("Invalid captcha or other user-friendly error."); res = Service.createAccount("jane@doe.com", "anothersecretpw", diff --git a/services/sync/tests/unit/test_service_login.js b/services/sync/tests/unit/test_service_login.js index 8eb332e272e..9db7770ef76 100644 --- a/services/sync/tests/unit/test_service_login.js +++ b/services/sync/tests/unit/test_service_login.js 
@@ -6,12 +6,8 @@ Cu.import("resource://services-sync/util.js"); function login_handling(handler) { return function (request, response) { - // btoa('johndoe:ilovejane') == am9obmRvZTppbG92ZWphbmU= - // btoa('janedoe:ilovejohn') == amFuZWRvZTppbG92ZWpvaG4= - let header = request.getHeader("Authorization"); - if (header && - header == "Basic am9obmRvZTppbG92ZWphbmU=" || - header == "Basic amFuZWRvZTppbG92ZWpvaG4=") { + if (basic_auth_matches(request, "johndoe", "ilovejane") || + basic_auth_matches(request, "janedoe", "ilovejohn")) { handler(request, response); } else { let body = "Unauthorized"; diff --git a/services/sync/tests/unit/test_service_sync_401.js b/services/sync/tests/unit/test_service_sync_401.js index 78bb082ab07..ee110de2bd2 100644 --- a/services/sync/tests/unit/test_service_sync_401.js +++ b/services/sync/tests/unit/test_service_sync_401.js @@ -2,9 +2,7 @@ Cu.import("resource://services-sync/main.js"); function login_handling(handler) { return function (request, response) { - // btoa('johndoe:ilovejane') == am9obmRvZTppbG92ZWphbmU= - if (request.hasHeader("Authorization") && - request.getHeader("Authorization") == "Basic am9obmRvZTppbG92ZWphbmU=") { + if (basic_auth_matches(request, "johndoe", "ilovejane")) { handler(request, response); } else { let body = "Unauthorized"; diff --git a/services/sync/tests/unit/test_service_verifyLogin.js b/services/sync/tests/unit/test_service_verifyLogin.js index 7d3c497a797..5f9268986cd 100644 --- a/services/sync/tests/unit/test_service_verifyLogin.js +++ b/services/sync/tests/unit/test_service_verifyLogin.js 
@@ -6,9 +6,7 @@ Cu.import("resource://services-sync/util.js"); function login_handling(handler) { return function (request, response) { - // btoa('johndoe:ilovejane') == am9obmRvZTppbG92ZWphbmU= - if (request.hasHeader("Authorization") && - request.getHeader("Authorization") == "Basic am9obmRvZTppbG92ZWphbmU=") { + if (basic_auth_matches(request, "johndoe", "ilovejane")) { handler(request, response); } else { let body = "Unauthorized";