Web-Based Password Cracking Techniques
- Basic authentication is achieved through the process of exclusive ORing (XOR) and is considered weak.
- Message digest authentication is a significant improvement over basic. It uses the MD5 hashing algorithm and is based on a challenge-response protocol: the username, the password, and a nonce (random value) are combined to create a hashed value that is passed to the server instead of the password itself.
- Forms-based authentication is widely used on the Internet. It works through a cookie issued to the client: once the user has authenticated, the application generates a cookie or session variable that identifies the session.
- Certificate-based authentication is considered strong. When users attempt to authenticate, they present the web server with their certificate. The certificate contains a public key and the signature of the Certificate Authority (CA).
- Dictionary attacks: A text file full of dictionary words is loaded into a password-cracking program and run against the user accounts the application has located. If simple passwords have been used, this may be enough to do the trick.
- Hybrid attacks: Similar to a dictionary attack, except that numbers or symbols are added to the dictionary words. Many people change their passwords simply by adding a number to the end of their current password. The pattern usually takes this form: the first month's password is "Mike"; the second month's password is "Mike2"; the third month's password is "Mike3"; and so on.
- Brute-force attacks: The most comprehensive form of attack and potentially the most time-consuming. Brute-force attacks can take weeks, depending on the length and complexity of the password.
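The digest challenge-response exchange described above, as an added example that is not part of the original notes: the client hashes username, password and nonce with MD5 (the legacy RFC 2617 form without qop, an assumption made here), and the server verifies against a stored hash and a one-shot nonce so that a captured response cannot be replayed. The realm, usernames and URIs are constructed sample values.

```python
import hashlib
import secrets


def md5_hex(s: str) -> str:
    """MD5 hex digest of a string (digest auth is defined over MD5)."""
    return hashlib.md5(s.encode()).hexdigest()


def digest_response(username, realm, password, method, uri, nonce):
    """Client side: RFC 2617 response without qop (assumed form).
    HA1 binds user and password, HA2 binds the request, nonce prevents replay."""
    ha1 = md5_hex(f"{username}:{realm}:{password}")
    ha2 = md5_hex(f"{method}:{uri}")
    return md5_hex(f"{ha1}:{nonce}:{ha2}")


class DigestServer:
    """Server side: stores HA1 per user (never the plaintext password)
    and accepts each nonce it issued exactly once."""

    def __init__(self, realm, users):
        self.realm = realm
        self.users = users          # username -> HA1 (constructed sample data)
        self.issued = set()         # nonces handed out and not yet consumed

    def challenge(self):
        nonce = secrets.token_hex(16)
        self.issued.add(nonce)
        return nonce

    def verify(self, username, method, uri, nonce, response):
        if nonce not in self.issued:
            return False            # unknown or already-used nonce: replay fails
        self.issued.discard(nonce)
        ha1 = self.users.get(username)
        if ha1 is None:
            return False
        expected = md5_hex(f"{ha1}:{nonce}:{md5_hex(f'{method}:{uri}')}")
        # constant-time compare so the check itself leaks nothing
        return secrets.compare_digest(expected, response)
```

Because the server keeps only HA1, the password never crosses the wire, but a captured response is still an offline MD5 guess target, which is why the notes list digest auth alongside the cracking techniques below.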
SQL Injection