RFC2617 specifies HTTP basic access authentication and HTTP digest access authentication. With basic authentication, passwords are sent in clear text over the network (leaving them vulnerable to sniffers), while with digest authentication a digest (or hash function) of the password and a random challenge are used.
By default, the firewall supports basic authentication for proxy HTTP access. It can be configured (via an entry in the /usr/local/custom/http.ini file) to use digest authentication instead, but this is unsupported by many web browsers.