As I was sitting in Pat Hynds phenomenal presentation on ASP.NET Security at VTdotNET last Monday, I started thinking about how people work SO hard to secure websites with password protection but then almost every website will email you your login and password. If we spend so much time worrying about people “hopping on” to authenticated HTTP transports, don’t those same people have the ability to read/grab/reroute our emails? Maybe the answer is “no” and everything is still right with the world, but it sure did make me wonder.

  Sign up for my newsletter so you don't miss my conference & Pluralsight course announcements!