Understand the limitations of Basic Authentication
Understand the alternatives to Basic Authentication
Gain an introduction to OAuth
Lesson
This lesson is designed to be completed offline through self-study.
What's wrong with Basic Auth?
The password is sent over the wire in Base64 encoding which can be easily decoded (if Basic Auth is used, it should always go over HTTPS for this reason)
The password is sent for each request meaning there is a large attack window
Basic authentication does not have a logout function and the browser will store the credentials until it has been restarted
Alternatives to Basic Authentication
To find out what alternatives there are to Basic Authentiation, please complete the "API Security 101" section of the Getting Started with OAuth 2.0 course on Pluralsight (23 mins).
