Basic authentication isn't provided by BGP, it's handled by TCP.
The session protection via TCP using MD5 is developed to be used via BGP (RFC 2385) but can be used for any other scenario.
Protects the protocol of spoofing and TCP direct attacks (resets)
A MD5 hash is generated using the password that both sides know, along with TCP segment data, IP addresses, etc.
The receiving end device does the same calculation (using the password locally configured) and if the resulting hash matches the incoming one, the message is deemed valid.
For BGP, there are also other built in methods to do authentication. These are typically more flexible and operate above the BGP messages with the use of: Marker, capabilities, different hashing algorithms, Authentication Code, Authentication data, etc.