If you use an authentication manager from urllib2, it will submit user code and password if authentication fails.
However, if the password is wrong, the authentication manager will happily try again, again with the same password.
A simple way to circumvent this is attached: it modifies the password manager's behaviour to submit each password only once.
One problem I see is in cases where a program needs to log in multiple times in the same site: I propose an extra call to the password manager to reset the "visited" flag.

More details and sample code are in the file.

There was a fix made in issue8797, which adopts a retry approach before failing for wrong password. This is present for Basic Auth and Digest Auth, so the problem wont be faced. Jurjen, do you have any comments before I mark this as Invalid. I see you have adopted a different approach for the patch, but the result would be same (no infinite retries)

Yep you're right. In that thread they are talking about the exact same problem as I was having. Obviously, I didn't find that one when I was looking for the problem in the database before I posted this.
I do have my doubts about the 5 retries they propose though, I am not sure that the web site I use will not block the account if someone does 5 attempts.
- Jurjen

Okay, so there is another negative vote 5 retries in the basic auth.
But yeah, this bug can be marked duplicate.

Duplicate of issue8797