You may have heard claims that HTTP “basic” authentication (classic user/password popup prompt or via an API call) leaves credentials unencrypted and exposed. While it’s true that basic auth itself doesn’t encrypt credentials, this doesn’t matter in practice. Modern sites and APIs should be using HTTPS, which encrypts everything over the wire, protecting basic authentication credentials in transit. This article will explain why that’s the case. A quick overview of HTTP authentication The way HTTP authentication works is via standard headers. We recommend the Mozilla Developer Network (MDN) documentation if you want to learn more, but to summarize: when the…
The post Basic Authentication Credentials Are Encrypted with TLS appeared first on Seiden Group. Read More