by which I think you mean Basic Authentication, more properly HTTP authentication. From a funcationality point of view the only thing wrong with it is that the userid:password are simply base 64 encoded which makes them easy to capture. That's easy to fix if you're willing to pay the overhead for an SSL server. What makes it undesirable is the bad UI. Companies go to great lengths and spend large sums to make their sites look and behave a certain way. Basic Authentication pops an ugly dialog box over which they have no control. That and it breaks the flow of the dialog makes it a non-starter. The advantage SIDs and friends have is that they don't require the user to do anything--it's automatic. Even better, they don't require any knowledge of the user on the server-side so everyone is tracked equally. Because it is automatic and covers everyone, it doesn't break the UI that the company worked so hard to put together. Authentication is only needed for authorization or site personalization. For all their advantages, SIDs do have their downside too, as has been noted.