As Figure 6.3 shows, IIS offers three forms of account authentication The first is anonymous, which actually means no authentication. The second is basic authentication. It is used with the secure socket layer and encrypts user names and passwords before they are put on the Internet. This form of authentication is the most common and is supported by most browsers. The third form of account authentication is Windows NT Challenge/Response. It is a higher level of authentication that automatically encrypts user names and passwords. Although it is not as widely supported, it is built into Internet Explorer 2.0.