You just need to encode special characters like that before passing them as part of the URL, so @ would need to be passed as %40, eg:
https://user:password%40www.example.com
(I typically use this – http://meyerweb.com/eric/tools/dencoder/ – for my en/decoding needs.)