What is the difference between the two headers below?
Which one is preferred?
X-Auth-Token : dadas123sad12
Authorization: Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==
Authorization is the primary header used by clients to authenticate against peers in HTTP as foreseen in RFC 7235. It is often linked to the Basic authentication scheme as per RFC 7617, but that is not a given.

The Basic scheme allows clients to provide a username-password pair separated by a colon (:) coded in Base64. It cannot be stressed enough that this is a transport coding that provides no real security benefits. E.g. the example given by you can trivially be 'decrypted' into Aladdin:open sesame.

Through the IANA HTTP Authentication Scheme Registry (see also: RFC 7235, sec. 5.1) you will find the Bearer scheme (defined in RFC 6750), which is closely tied to OAuth 2.0. X-Auth-Token is pretty much providing a shortcut here as it (presumably) does not rely on either OAuth or the HTTP authentication framework.

Please note that with X-Auth-Token being an unregistered header, it is subject to no formal specification and its presence and content are always tied to a respective application. No general assumptions can be made on it.
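The answer's point, as an added example that is not part of the original post: a small server-side parser that splits an Authorization value into scheme and credentials (RFC 7235), decodes Basic credentials (RFC 7617) with no key at all, and treats X-Auth-Token as an opaque value because no specification defines its structure. The header values are the two from the question; the function names are my own.

```python
import base64
from typing import Optional, Tuple

def parse_authorization(header: str) -> Optional[Tuple[str, str]]:
    # RFC 7235: "<scheme> <credentials>"; the scheme token is case-insensitive.
    parts = header.strip().split(None, 1)
    if not parts:
        return None
    return parts[0].lower(), (parts[1].strip() if len(parts) > 1 else "")

def decode_basic(credentials: str) -> Optional[Tuple[str, str]]:
    # RFC 7617: base64 of "user-id:password". Base64 is an encoding, not
    # encryption, so no key is needed. The user-id may not contain a colon,
    # but the password may, so split on the first colon only.
    try:
        text = base64.b64decode(credentials, validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):  # binascii.Error is a ValueError
        return None
    user, sep, password = text.partition(":")
    return (user, password) if sep else None

def inspect_headers(headers: dict) -> dict:
    # Show what each of the two headers from the question really carries.
    result = {}
    auth = headers.get("Authorization")
    if auth is not None:
        parsed = parse_authorization(auth)
        if parsed is None:
            result["Authorization"] = ("malformed", None)
        elif parsed[0] == "basic":
            result["Authorization"] = ("basic", decode_basic(parsed[1]))
        else:
            # e.g. "bearer": a registered scheme whose credentials are opaque
            result["Authorization"] = (parsed[0], parsed[1])
    if "X-Auth-Token" in headers:
        # Unregistered header: its value has no spec-defined structure.
        result["X-Auth-Token"] = ("opaque", headers["X-Auth-Token"])
    return result

# Constructed sample: the two headers from the question.
SAMPLE_HEADERS = {
    "Authorization": "Basic QWxhZGRpbjpvcGVuIHNlc2FtZQ==",
    "X-Auth-Token": "dadas123sad12",
}

if __name__ == "__main__":
    print(inspect_headers(SAMPLE_HEADERS))
```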