despite the fact that Username/Password is easyly sniffable in the - not too important - real world as usual and nearly unusable for Service Auth/Auth: It should be the part 1 of the SecurityTrinity: To know something, to have something, to be someone.