Login Security - Do you know the correct error message for an incorrect user name or password?
When a user fails to sign in due to invalid email or password, you might have the well intention of letting them know by telling them exactly which one is invalid.
However this is not secure. It makes it easier for bad guys (e.g., hacker) to get access to your account and do malicious things to the site and with your information.
The more secure message should be 'Invalid email or password'.
See Login.aspx for a real example.