

Why I Love Basic Auth - duncans
http://www.rdegges.com/why-i-love-basic-auth/

======
walski
Hey, nice write up. As you said in the article it is a controversial topic and
I definitely see that "bandwagon effect" when it comes to using OAuth in
favor of Basic Auth. One thing I'm a bit worried about, though, whenever I use
Basic Auth is the longevity of its credentials. The lack of tokens
automatically means that as long as the dev does not implement some
"credential rotation" mechanism (carried out either manually or automatically)
leaked credentials become a long-lasting problem.

OAuth is not perfect by any means but this scares me away from Basic Auth a
lot. Especially given the fact that those "leaks" might go by unnoticed. Using
some authentication mechanism with short-lived tokens mitigates this risk at
least in the long run as leaked tokens will just expire.

