I read this article -> Available here and now I'm interested to know what methods other people use for securing their websites.

Basically I'm using Forms Authentication and using all forms of protection I can including setting cookie protection to All and using SSL for any pages that require the transmission of username/password.

There is another function built into ASP.NET that only allows the authentication cookie only to be accessible over a secure connection which at present I'm not using as it would mean the entire site would need to be SSL protected due to personalisation I have in place. I have menus etc. that are tailored to users which obviously need to access the authentication details. How should I tackle this?

Any advice or experiences would be appreciated.

DJ