jfinNZ
Not an easy answer, we had an internal discussion on the topic when someone asked about it.
If you're using basic auth AND you're also not using HTTPS/SSL, then you're sending your creds in clear text over the network and it's obvious why that's bad. But as long as you're using SSL, it's only kind-of bad.
Your creds are still secure with basic auth as long as you're using SSL/TLS, but there are two other things that make basic auth still less preferable than Kerberos auth.
1) Performance. Kerberos performs better. NTLM or Username/Password auth requires a round trip to the domain controller for every authentication. Kerberos does not. Hence it performs better.
2) Mutual authentication. With Kerberos, you have mutual authentication, which means not only is the server validating your identity, but you as the client have the added benefit of being able to trust that you're talking to the server that you think you are.
Lee Holmes also discussed this in the following article:
https://web.archive.org/web/20190110105609/https:/blogs.msdn.microsoft.com/powershell/2015/10/27/compromising-yourself-with-winrms-allowunencrypted-true/
Bottom line, if you need to use Basic Auth you should take a deviation for only the machines that require it.
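
An added example, not part of the original post: a PowerShell audit that separates the clear-text case (Basic auth over HTTP) from Basic auth over HTTPS and from approved deviations. It assumes the context is the WinRM service, as in the linked article; the function names, host names and deviation list are hypothetical, and the sample inventory is constructed.

```powershell
# Added example, not from the original post. Function names, host names and the
# deviation list are hypothetical; the sample inventory below is constructed.

function Get-LocalWinRMAuthSetting {
    # Reads the live WinRM service settings on this machine.
    # Assumes an elevated session with the WinRM service running.
    [pscustomobject]@{
        ComputerName       = $env:COMPUTERNAME
        BasicEnabled       = (Get-Item WSMan:\localhost\Service\Auth\Basic).Value -eq 'true'
        AllowUnencrypted   = (Get-Item WSMan:\localhost\Service\AllowUnencrypted).Value -eq 'true'
        ListenerTransports = @(Get-WSManInstance -ResourceURI winrm/config/listener -Enumerate |
                               ForEach-Object { $_.Transport })
    }
}

function Test-WinRMBasicAuthRisk {
    param(
        [Parameter(Mandatory, ValueFromPipeline)] $Setting,
        [string[]] $ApprovedDeviation = @()   # hosts allowed to keep Basic auth
    )
    process {
        $finding = if (-not $Setting.BasicEnabled) {
            'OK: Basic auth disabled'
        } elseif ($Setting.AllowUnencrypted -and ($Setting.ListenerTransports -contains 'HTTP')) {
            # Checked before the deviation list: a deviation never covers clear text.
            'FAIL: Basic auth can be sent in clear text over HTTP'
        } elseif ($ApprovedDeviation -contains $Setting.ComputerName) {
            'DEVIATION: Basic auth enabled, approved for this host'
        } else {
            'REVIEW: Basic auth enabled without an approved deviation'
        }
        [pscustomobject]@{ ComputerName = $Setting.ComputerName; Finding = $finding }
    }
}

# Constructed sample inventory, shaped like the output of Get-LocalWinRMAuthSetting.
$sample = @(
    [pscustomobject]@{ ComputerName = 'SRV-A'; BasicEnabled = $false; AllowUnencrypted = $false; ListenerTransports = @('HTTP') }
    [pscustomobject]@{ ComputerName = 'SRV-B'; BasicEnabled = $true;  AllowUnencrypted = $true;  ListenerTransports = @('HTTP') }
    [pscustomobject]@{ ComputerName = 'SRV-C'; BasicEnabled = $true;  AllowUnencrypted = $false; ListenerTransports = @('HTTPS') }
    [pscustomobject]@{ ComputerName = 'SRV-D'; BasicEnabled = $true;  AllowUnencrypted = $false; ListenerTransports = @('HTTPS') }
)

# Only SRV-C has an approved deviation in this constructed example.
$sample | Test-WinRMBasicAuthRisk -ApprovedDeviation 'SRV-C' | Format-Table -AutoSize
```

To check a real machine, replace `$sample` with `Get-LocalWinRMAuthSetting` in the last line.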