Every authentication mechanism in use today emerged to address a specific set of constraints the previous one wasn't designed for. This article walks through that chain — not as a list of definitions, but as a sequence of problems and the constraints that shaped each solution.
1. The Problem With Sending Passwords Every Request
The earliest widely used approach, HTTP Basic Authentication, is also the simplest to understand. The client sends the username and password, base64-encoded, on every single request:
GET /api/data
Authorization: Basic dXNlcjpwYXNzd29yZA==






