HTTP basic authentication

HTTP basic authentication is the simplest technique for enforcing access controls to web resources because it doesn’t require cookies, session identifiers, or login pages. Instead, it uses static, standard HTTP headers, which means that no handshake has to be performed in advance.
However, the basic authentication mechanism provides no confidentiality protection for the transmitted credentials. They are merely Base64-encoded in transit, not encrypted or hashed. Basic authentication should therefore only be used over HTTPS.
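
The following Python example is added here and is not part of the original page. It shows a server-side check that parses the `Authorization: Basic` header, which makes visible that the Base64 token decodes straight back to the credentials, and that refuses the request when it did not arrive over HTTPS. The function names, the sample credentials and the choice of status 403 for cleartext requests are assumptions made for illustration.

```python
import base64
import binascii
import hmac


def parse_basic_header(value):
    """Return (username, password) from an Authorization header value, or None."""
    scheme, _, token = value.strip().partition(" ")
    if scheme.lower() != "basic" or not token:
        return None
    try:
        # Base64 is an encoding, not encryption: decoding needs no key.
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return None
    # The user-id cannot contain ':'; everything after the first ':' is the password.
    username, sep, password = decoded.partition(":")
    if not sep:
        return None
    return username, password


def authorize(headers, is_https, expected_user, expected_password):
    """Return an HTTP status: 200 on success, 401 on bad or missing credentials,
    403 when the request was not sent over HTTPS (assumed policy)."""
    if not is_https:
        # Credentials sent over cleartext HTTP are readable by anyone on the path,
        # so the request is rejected before the header is even inspected.
        return 403
    creds = parse_basic_header(headers.get("Authorization", ""))
    if creds is None:
        return 401
    # Constant-time comparison avoids leaking how many characters matched.
    user_ok = hmac.compare_digest(creds[0].encode(), expected_user.encode())
    pass_ok = hmac.compare_digest(creds[1].encode(), expected_password.encode())
    return 200 if (user_ok and pass_ok) else 401


# Constructed sample header (not real credentials); the password contains ':'.
SAMPLE_HEADER = "Basic " + base64.b64encode(b"alice:s3cr:et").decode("ascii")

if __name__ == "__main__":
    print(SAMPLE_HEADER)
    print(parse_basic_header(SAMPLE_HEADER))
    print(authorize({"Authorization": SAMPLE_HEADER}, True, "alice", "s3cr:et"))
    print(authorize({"Authorization": SAMPLE_HEADER}, False, "alice", "s3cr:et"))
```
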