I am trying to decide which work factor to use for our hashed passwords, and I am facing the following dilemma. Let me elaborate for a moment.
Basic HTTP authentication works as follows:
- The user tries to access a protected resource.
- The web server returns HTTP error code 401.
- The web browser asks the user to enter credentials.
- From now on, for each web request:
- the web browser includes an Authorizationheader containing the user name and the password (in clear text, which is why this authentication scheme should only be used with HTTPS), and
- the web server validates the user name and the password.
 
- the web browser includes an 
As you can see, the final bullet point is executed for each web request. Thus, if I set the work factor to a level that causes password validation to take, for example, 1 second, I don't just have a 1 second delay when the user logs in (which would be OK) - I have a 1 second delay for every single HTTP request the logged-in user makes (which is not OK and would slow down a responsive AJAX web application to a crawl).
I'm also the one writing the web server authentication code, and I can think of a few ways to work around this issue: For example, after each successful authentication, I could cache the user name and a weakly hashed (fast) version of the password in memory and first try to authenticate against those credentials in future requests.
However, I don't want to get creative when it comes to security (following the Don't Roll Your Own Crypto principle). In addition, Basic HTTP authentication has been around for ages, and the recommendation for strongly hashed passwords has been around of ages, so this should be a "solved problem", right? In that case, what is the time-tested, canonical solution for this issue?
 
     
    