diff --git a/lib/strategy.js b/lib/strategy.js
index e54e92a..96bb283 100644
--- a/lib/strategy.js
+++ b/lib/strategy.js
@@ -70,11 +70,7 @@ Strategy.prototype.authenticate = function(req, options) {
   options = options || {};
   var username = lookup(req.body, this._usernameField) || lookup(req.query, this._usernameField);
   var password = lookup(req.body, this._passwordField) || lookup(req.query, this._passwordField);
-  
-  if (!username || !password) {
-    return this.fail({ message: options.badRequestMessage || 'Missing credentials' }, 400);
-  }
-  
+
   var self = this;
   
   function verified(err, user, info) {
diff --git a/test/strategy.normal.test.js b/test/strategy.normal.test.js
index a7e2139..1b1b18f 100644
--- a/test/strategy.normal.test.js
+++ b/test/strategy.normal.test.js
@@ -83,40 +83,37 @@ describe('Strategy', function() {
   
   describe('handling a request without a body', function() {
     var strategy = new Strategy(function(username, password, done) {
-      throw new Error('should not be called');
+      return done(null, false, { message: 'authentication failed' });
     });
     
-    var info, status;
+    var info;
     
     before(function(done) {
       chai.passport(strategy)
-        .fail(function(i, s) {
+        .fail(function(i) {
           info = i;
-          status = s;
           done();
         })
         .authenticate();
     });
     
-    it('should fail with info and status', function() {
-      expect(info).to.be.an.object;
-      expect(info.message).to.equal('Missing credentials');
-      expect(status).to.equal(400);
+    it('should fail', function() {
+      expect(info).to.be.an('object');
+      expect(info.message).to.equal('authentication failed');
     });
   });
   
-  describe('handling a request without a body, but no username and password', function() {
+  describe('handling a request with a body, but no username and password', function() {
     var strategy = new Strategy(function(username, password, done) {
-      throw new Error('should not be called');
+      return done(null, false, { message: 'authentication failed' });
     });
     
-    var info, status;
+    var info;
     
     before(function(done) {
       chai.passport(strategy)
         .fail(function(i, s) {
           info = i;
-          status = s;
           done();
         })
         .req(function(req) {
@@ -125,25 +122,23 @@ describe('Strategy', function() {
         .authenticate();
     });
     
-    it('should fail with info and status', function() {
-      expect(info).to.be.an.object;
-      expect(info.message).to.equal('Missing credentials');
-      expect(status).to.equal(400);
+    it('should fail', function() {
+      expect(info).to.be.an('object');
+      expect(info.message).to.equal('authentication failed');
     });
   });
   
   describe('handling a request without a body, but no password', function() {
     var strategy = new Strategy(function(username, password, done) {
-      throw new Error('should not be called');
+      return done(null, false, { message: 'authentication failed' });
     });
     
-    var info, status;
+    var info;
     
     before(function(done) {
       chai.passport(strategy)
         .fail(function(i, s) {
           info = i;
-          status = s;
           done();
         })
         .req(function(req) {
@@ -153,25 +148,23 @@ describe('Strategy', function() {
         .authenticate();
     });
     
-    it('should fail with info and status', function() {
-      expect(info).to.be.an.object;
-      expect(info.message).to.equal('Missing credentials');
-      expect(status).to.equal(400);
+    it('should fail', function() {
+      expect(info).to.be.an('object');
+      expect(info.message).to.equal('authentication failed');
     });
   });
   
   describe('handling a request without a body, but no username', function() {
     var strategy = new Strategy(function(username, password, done) {
-      throw new Error('should not be called');
+      return done(null, false, { message: 'authentication failed' });
     });
     
-    var info, status;
+    var info;
     
     before(function(done) {
       chai.passport(strategy)
         .fail(function(i, s) {
           info = i;
-          status = s;
           done();
         })
         .req(function(req) {
@@ -181,10 +174,9 @@ describe('Strategy', function() {
         .authenticate();
     });
     
-    it('should fail with info and status', function() {
-      expect(info).to.be.an.object;
-      expect(info.message).to.equal('Missing credentials');
-      expect(status).to.equal(400);
+    it('should fail', function() {
+      expect(info).to.be.an('object');
+      expect(info.message).to.equal('authentication failed');
     });
   });
   
diff --git a/test/strategy.options.test.js b/test/strategy.options.test.js
index 1c42c6c..0d7bc68 100644
--- a/test/strategy.options.test.js
+++ b/test/strategy.options.test.js
@@ -9,16 +9,15 @@ describe('Strategy', function() {
     
   describe('handling a request without a body, but no username and password, with message option to authenticate', function() {
     var strategy = new Strategy(function(username, password, done) {
-      throw new Error('should not be called');
+      return done(null, false, { message: 'Something is wrong with this request' });
     });
     
-    var info, status;
+    var info;
     
     before(function(done) {
       chai.passport(strategy)
         .fail(function(i, s) {
           info = i;
-          status = s;
           done();
         })
         .req(function(req) {
@@ -27,10 +26,9 @@ describe('Strategy', function() {
         .authenticate({ badRequestMessage: 'Something is wrong with this request' });
     });
     
-    it('should fail with info and status', function() {
+    it('should fail', function() {
       expect(info).to.be.an.object;
       expect(info.message).to.equal('Something is wrong with this request');
-      expect(status).to.equal(400);
     });
   });