Index: trunk/src/org/openstreetmap/josm/gui/MainApplication.java
===================================================================
--- trunk/src/org/openstreetmap/josm/gui/MainApplication.java	(revision 9395)
+++ trunk/src/org/openstreetmap/josm/gui/MainApplication.java	(revision 9396)
@@ -401,5 +401,4 @@
         }
 
-        DefaultAuthenticator.createInstance();
         Authenticator.setDefault(DefaultAuthenticator.getInstance());
         DefaultProxySelector proxySelector = new DefaultProxySelector(ProxySelector.getDefault());
Index: trunk/src/org/openstreetmap/josm/io/auth/DefaultAuthenticator.java
===================================================================
--- trunk/src/org/openstreetmap/josm/io/auth/DefaultAuthenticator.java	(revision 9395)
+++ trunk/src/org/openstreetmap/josm/io/auth/DefaultAuthenticator.java	(revision 9396)
@@ -4,10 +4,11 @@
 import java.net.Authenticator;
 import java.net.PasswordAuthentication;
-import java.util.EnumMap;
-import java.util.Map;
+import java.util.Collection;
+import java.util.HashSet;
 import java.util.Objects;
 
 import org.openstreetmap.josm.Main;
 import org.openstreetmap.josm.io.OsmApi;
+import org.openstreetmap.josm.tools.Pair;
 
 /**
@@ -17,5 +18,5 @@
  */
 public final class DefaultAuthenticator extends Authenticator {
-    private static volatile DefaultAuthenticator instance;
+    private static final DefaultAuthenticator INSTANCE = new DefaultAuthenticator();
 
     /**
@@ -24,15 +25,8 @@
      */
     public static DefaultAuthenticator getInstance() {
-        return instance;
+        return INSTANCE;
     }
 
-    /**
-     * Creates the unique instance
-     */
-    public static void createInstance() {
-        instance = new DefaultAuthenticator();
-    }
-
-    private final Map<RequestorType, Boolean> credentialsTried = new EnumMap<>(RequestorType.class);
+    private final Collection<Pair<String, RequestorType>> failedCredentials = new HashSet<>();
     private boolean enabled = true;
 
@@ -54,9 +48,19 @@
                 return null;
             }
-            boolean tried = credentialsTried.get(getRequestorType()) != null;
-            CredentialsAgentResponse response = CredentialsManager.getInstance().getCredentials(getRequestorType(), getRequestingHost(), tried);
-            if (response == null || response.isCanceled())
+            final Pair<String, RequestorType> hostTypePair = Pair.create(getRequestingHost(), getRequestorType());
+            final boolean hasFailedPreviously = failedCredentials.contains(hostTypePair);
+            final CredentialsAgentResponse response = CredentialsManager.getInstance().getCredentials(
+                    getRequestorType(), getRequestingHost(), hasFailedPreviously);
+            if (response == null || response.isCanceled()) {
                 return null;
-            credentialsTried.put(getRequestorType(), Boolean.TRUE);
+            }
+            if (RequestorType.PROXY.equals(getRequestorType())) {
+                // Query user in case this authenticator is called (indicating that the authentication failed) the next time.
+                failedCredentials.add(hostTypePair);
+            } else {
+                // Other parallel requests should not ask the user again, thus wait till this request is finished.
+                // In case of invalid authentication, the host is added again to failedCredentials at HttpClient.connect()
+                failedCredentials.remove(hostTypePair);
+            }
             return new PasswordAuthentication(response.getUsername(), response.getPassword());
         } catch (CredentialsAgentException e) {
@@ -66,10 +70,39 @@
     }
 
+    /**
+     * Determines whether this authenticator is enabled, i.e.,
+     * provides {@link #getPasswordAuthentication() password authentication} via {@link CredentialsManager}.
+     * @return whether this authenticator is enabled
+     */
     public boolean isEnabled() {
         return enabled;
     }
 
+    /**
+     * Enabled/disables this authenticator, i.e., decides whether it
+     * should provide {@link #getPasswordAuthentication() password authentication} via {@link CredentialsManager}.
+     * @param enabled whether this authenticator should be enabled
+     */
     public void setEnabled(boolean enabled) {
         this.enabled = enabled;
     }
+
+    /**
+     * Marks for this host that the authentication failed, i.e.,
+     * the {@link CredentialsManager} will show a dialog at the next time.
+     * @param host the host to mark
+     * @return as per {@link Collection#add(Object)}
+     */
+    public boolean addFailedCredentialHost(String host) {
+        return failedCredentials.add(Pair.create(host, RequestorType.SERVER));
+    }
+
+    /**
+     * Un-marks the failed authentication attempt for the host
+     * @param host the host to un-mark
+     * @return as per {@link Collection#remove(Object)}
+     */
+    public boolean removeFailedCredentialHost(String host) {
+        return failedCredentials.remove(Pair.create(host, RequestorType.SERVER));
+    }
 }
Index: trunk/src/org/openstreetmap/josm/tools/HttpClient.java
===================================================================
--- trunk/src/org/openstreetmap/josm/tools/HttpClient.java	(revision 9395)
+++ trunk/src/org/openstreetmap/josm/tools/HttpClient.java	(revision 9396)
@@ -29,4 +29,5 @@
 import org.openstreetmap.josm.io.ProgressOutputStream;
 import org.openstreetmap.josm.io.UTFInputStreamReader;
+import org.openstreetmap.josm.io.auth.DefaultAuthenticator;
 
 /**
@@ -122,4 +123,7 @@
                 if (Main.isDebugEnabled()) {
                     Main.debug("RESPONSE: " + connection.getHeaderFields());
+                }
+                if (DefaultAuthenticator.getInstance().isEnabled() && connection.getResponseCode() == HttpURLConnection.HTTP_UNAUTHORIZED) {
+                    DefaultAuthenticator.getInstance().addFailedCredentialHost(url.getHost());
                 }
             } catch (IOException e) {