When authenticating we handle the control password as follows: ``` // Surround non-hex strings with double quotes. const kIsHexRE = /^[A-Fa-f0-9]*$/; if (!kIsHexRE.test(pwdArg)) pwdArg = '"' + pwdArg + '"'; ``` But the spec says `"AUTHENTICATE" [ SP 1*HEXDIG / QuotedString ] CRLF` and `HEXDIG` being `DIGIT / "A" / "B" / "C" / "D" / "E" / "F"` according to RFC 2234. Thus, we are a bit more lenient than we should at the moment.