Re authentication: the site uses HTTPS, and doesn't HTTPS provide authentication that you are connected to the right server, receiving only data from that server (assuming the server and it's contents aren't compromised)? Or are you referring to another type of authentication