diff --git a/internal/config/auth_config_test.go b/internal/config/auth_config_test.go
index ab35f6cfb..85e5c8d23 100644
--- a/internal/config/auth_config_test.go
+++ b/internal/config/auth_config_test.go
@@ -214,17 +214,24 @@ func TestLoginSecureStorageUsesKeyring(t *testing.T) {
 	// Given a usable keyring
 	keyring.MockInit()
 	authCfg := newTestAuthConfig(t)
+	host := "github.com"
+	user := "test-user"
+	token := "test-token"
 
 	// When we login with secure storage
-	insecureStorageUsed, err := authCfg.Login("github.com", "test-user", "test-token", "", true)
+	insecureStorageUsed, err := authCfg.Login(host, user, token, "", true)
 
 	// Then it returns success, notes that insecure storage was not used, and stores the token in the keyring
 	require.NoError(t, err)
 	require.False(t, insecureStorageUsed, "expected to use secure storage")
 
-	token, err := keyring.Get(keyringServiceName("github.com"), "")
+	gotToken, err := keyring.Get(keyringServiceName(host), "")
 	require.NoError(t, err)
-	require.Equal(t, "test-token", token)
+	require.Equal(t, token, gotToken)
+
+	gotToken, err = keyring.Get(keyringServiceName(host), user)
+	require.NoError(t, err)
+	require.Equal(t, token, gotToken)
 }
 
 func TestLoginSecureStorageRemovesOldInsecureConfigToken(t *testing.T) {
diff --git a/internal/config/config.go b/internal/config/config.go
index 23bff82ce..123a20a91 100644
--- a/internal/config/config.go
+++ b/internal/config/config.go
@@ -251,6 +251,9 @@ func (c *AuthConfig) Login(hostname, username, token, gitProtocol string, secure
 	var setErr error
 	if secureStorage {
 		if setErr = keyring.Set(keyringServiceName(hostname), "", token); setErr == nil {
+			setErr = keyring.Set(keyringServiceName(hostname), username, token)
+		}
+		if setErr == nil {
 			// Clean up the previous oauth_tokens from the config file.
 			_ = c.cfg.Remove([]string{hostsKey, hostname, oauthTokenKey})
 			_ = c.cfg.Remove([]string{hostsKey, hostname, usersKey, username, oauthTokenKey})