Basic authentication is the default mechanism if the developer uses an authentication mechanism without defining it. With this authentication mechanism, if the user is not authenticated when they send a request, then a dialog box requesting a username and password is returned. This mechanism is not completely safe, because the username and password are easily captured, making man-in-the-middle attacks possible. To use this authentication mechanism, it is recommended to use a secure transport mechanism, such as SSL (HTTPS) or a VPN. The following figure represents a Java EE tutorial showing what happens when basic authentication is used: