Using Digest for user authentication

The default security implementation in GeoServer for REST and OGC services is HTTP Basic. HTTP Basic authentication has the widest adoption, and any OGC-compliant client will support it. However, HTTP Basic authentication has a downside: it is not very secure. The credentials for HTTP Basic authentication are sent to the server in a header, in plain text, without any encryption. The username and password strings are encoded using Base64, which makes them hard to read at a glance, but they are not secure, because a Base64-encoded string can simply be decoded. An HTTP Basic header looks like the following:

Authorization: Basic dXNlcjpwYXNzd29yZA==

The header key is Authorization ...
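The following is an added example, not code from the book or from GeoServer, that makes the point above concrete: it builds the Authorization header value exactly as an HTTP Basic client does (RFC 7617, Base64 of "user:password") and then reverses it, showing that the header shown in the text decodes straight back to the credentials. The header line used as input is constructed here to match the one quoted above; the function names are my own.

```python
import base64
import binascii
from typing import Tuple

# Constructed sample, identical in shape to the header quoted in the text.
SAMPLE_HEADER = "Authorization: Basic dXNlcjpwYXNzd29yZA=="


def build_basic_authorization(username: str, password: str) -> str:
    """Return the Authorization header value an HTTP Basic client sends.

    RFC 7617: the credentials are "user-id:password", Base64-encoded.
    Base64 is an encoding, not encryption: anyone who sees the header
    value can reverse it with no key.
    """
    if ":" in username:
        raise ValueError("RFC 7617 forbids a colon in the user-id")
    raw = f"{username}:{password}".encode("utf-8")
    return "Basic " + base64.b64encode(raw).decode("ascii")


def parse_basic_authorization(header_line: str) -> Tuple[str, str]:
    """Recover (username, password) from an 'Authorization: Basic ...' line.

    Splits the decoded string on the FIRST colon only, so a password that
    itself contains ':' is returned intact. Raises ValueError on anything
    that is not a well-formed Basic header.
    """
    name, _, value = header_line.partition(":")
    if name.strip().lower() != "authorization":
        raise ValueError("not an Authorization header")
    scheme, _, token = value.strip().partition(" ")
    if scheme.lower() != "basic":
        raise ValueError(f"unsupported authentication scheme: {scheme!r}")
    try:
        decoded = base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError) as exc:
        raise ValueError("malformed Basic credentials") from exc
    username, sep, password = decoded.partition(":")
    if not sep:
        raise ValueError("credentials lack the user:password separator")
    return username, password


if __name__ == "__main__":
    # The header from the text, decoded: Base64 hides nothing from an observer.
    user, pw = parse_basic_authorization(SAMPLE_HEADER)
    print(f"{SAMPLE_HEADER!r} carries username={user!r} password={pw!r}")
    # Round trip, including a password that contains a colon.
    hdr = build_basic_authorization("alice", "p:w:d")
    print(hdr, "->", parse_basic_authorization("Authorization: " + hdr))
```

Running the script shows the quoted header decoding to user and password in one call, which is the whole reason the text recommends moving away from plain HTTP Basic; in practice the header should at least never leave the client without TLS.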
