Web server Basic Authentication is not secure authentication since the passwords are transmitted in the clear without cryptographic cover. Furthermore, all information in IPFS is publicly viewable. So, if you are using a
.htpasswd file, that file is publicly viewable. Thus, your passwords are both transmitted in the clear AND stored unencrypted and available for public viewing. However, if you are accessing the web page through a TLS enabled gateway, you could rely on the gateway’s TLS to provide cover.
Sadly, GNUTLS removed the ability to use a PGP key as a trust root…
If this functionality still existed and had been widely supported in web browsers, securing web traffic to IPFS would be fairly easy… just place your PGP public key in your web app structure.