Basic authentication is defined in RFC 2617, HTTP Authentication: Basic and Digest Access Authentication.

Disadvantages

• User credentials are sent in the request.
• Credentials are sent as plaintext.
• Credentials are sent with every request.
• No way to log out, except by ending the browser session.
• Vulnerable to cross-site request forgery (CSRF); requires anti-CSRF measures.

Advantages

• Internet standard.
• Supported by all major browsers.
• Relatively simple protocol.