diff --git a/docs/changelog.rst b/docs/changelog.rst
index 0413aa5..c7cd33f 100644
--- a/docs/changelog.rst
+++ b/docs/changelog.rst
@@ -3,6 +3,15 @@ Changelog
 #########
+*********
+**1.7.2**
+*********
+
+*Release date: May 12, 2018*
+
+- **FIXED:** fixed generation of default ``SECURITY_REQUIREMENTS`` to match documented behaviour
+
+
 *********
 **1.7.1**
 *********
diff --git a/docs/security.rst b/docs/security.rst
index 95f6d8a..8010b92 100644
--- a/docs/security.rst
+++ b/docs/security.rst
@@ -39,7 +39,7 @@ Security requirements
 The second step is specifying, for each endpoint, which authentication mechanism can be used for interacting with it. See https://github.com/OAI/OpenAPI-Specification/blob/master/versions/2.0.md#security-requirement-object for details.
-By default, a top-level `security` that accepts all the declared security definitions is generated.
+By default, a top-level `security` that accepts any one of the declared security definitions is generated.
 For the example above, that would be :code:`[{'Basic': []}, {'Bearer': []}]`. This can be overriden using the :ref:`SECURITY_REQUIREMENTS ` setting.
diff --git a/src/drf_yasg/generators.py b/src/drf_yasg/generators.py
index 4dd5f1f..0e09c2d 100644
--- a/src/drf_yasg/generators.py
+++ b/src/drf_yasg/generators.py
@@ -206,7 +206,7 @@ class OpenAPISchemaGenerator(object):
 security_definitions = swagger_settings.SECURITY_DEFINITIONS
 security_requirements = swagger_settings.SECURITY_REQUIREMENTS
 if security_requirements is None:
- security_requirements = [{security_scheme: [] for security_scheme in swagger_settings.SECURITY_DEFINITIONS}]
+ security_requirements = [{security_scheme: []} for security_scheme in swagger_settings.SECURITY_DEFINITIONS]
 url = self.url
 if url is None and request is not None:
diff --git a/testproj/testproj/settings/base.py b/testproj/testproj/settings/base.py
index fc81074..953b861 100644
--- a/testproj/testproj/settings/base.py
+++ b/testproj/testproj/settings/base.py
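Review bot: In src/drf_yasg/generators.py the rebuilt default is easy to misread and easy to regress, since the whole fix is the position of one closing brace: a list of single-key objects means any one scheme is sufficient, while the old single object required all of them at once. A comment above the comprehension would pin that down, e.g. `# one requirement object per scheme: alternatives (OR), not one combined (AND) requirement`, and the loop can iterate the local already read two lines up, `security_requirements = [{name: []} for name in security_definitions]`. The comprehension also assumes `SECURITY_DEFINITIONS` is iterable, and an empty mapping yields `security: []`, which declares no security requirement at all; whether either case can occur depends on settings handling not visible here. The generated `security` only describes the API to clients, while enforcement stays with the views' authentication and permission classes, so the two should be checked against each other. The enclosing method starts and ends outside this hunk.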
@@ -94,7 +94,18 @@ SWAGGER_SETTINGS = {
 'LOGIN_URL': '/admin/login',
 'LOGOUT_URL': '/admin/logout',
- 'DEFAULT_INFO': 'testproj.urls.swagger_info'
+ 'DEFAULT_INFO': 'testproj.urls.swagger_info',
+
+ 'SECURITY_DEFINITIONS': {
+ 'Basic': {
+ 'type': 'basic'
+ },
+ 'Bearer': {
+ 'type': 'apiKey',
+ 'name': 'Authorization',
+ 'in': 'header'
+ }
+ }
 }
 # Internationalization
diff --git a/tests/reference.yaml b/tests/reference.yaml
index 5dc1127..132eacb 100644
--- a/tests/reference.yaml
+++ b/tests/reference.yaml
@@ -21,10 +21,15 @@ consumes:
 produces:
 - application/json
 securityDefinitions:
- basic:
+ Basic:
 type: basic
+ Bearer:
+ type: apiKey
+ name: Authorization
+ in: header
 security:
- - basic: []
+ - Basic: []
+ - Bearer: []
 paths:
 /articles/:
 get: