What are "Strong Passwords" & Why Do I Need Them?
Document 7009
Revised 3/30/2007 LD1

The client data you store on your XSite is often sensitive, and needs to be protected. The first line of defense is your password. To ensure the maximum security for your clients' data, we've implemented the requirement that your password meet the "Strong Password" standard.

Your XSite username and password are the keys to all of your a la mode products and online services. If criminals or other malicious users steal (or can guess) your password, they gain access not only to your online products, but to the private data of your customers as well.

To help you improve the security of your passwords, XSites require that they meet the “Strong Password” standard. This means that your password must be at least 8 characters long (and up to 128 characters) and contain at least 3 of the following 4 items:

  • Lowercase letters
  • Uppercase letters
  • Numbers (0-9)
  • Special characters, such as #, !, @, $, %, and so on.

Whenever you change your XSite password, your new choice must conform to this standard. This document contains some additional hints to help you choose a strong password that is still easy to remember.

  Note: If you ever find that you can’t remember your password, just click the Forgot Password link on the XSite Login page. Our online password reset utility lets you reset your password quickly and securely.

Make your password as long as practical - Each character you add to your password makes it exponentially harder to guess or crack. XSites require that all passwords be a minimum of 8 characters, but we recommend that you make it longer. Passwords or “pass phrases” (see below) that are 14 characters or longer are best.

Use a combination of letters, numbers and special characters - The more types of characters you use in your password, the harder it is to guess. There are only 26 letters in the alphabet. Using upper and lowercase letters doubles this to 52. Adding numbers and special characters increases it even further. Very few humans are going to guess passwords with symbols in them, and even automated cracking programs would take far longer to come up with the right answer.

Use passwords or phrases that are easy for you to remember but hard to guess - The easiest way to remember a password is to write it down. Contrary to popular belief, there is nothing wrong with writing down your password or a hint that will jog your memory… IF you’re confident you can restrict physical access to it. Typically, a password written on paper is more difficult to compromise across the Internet than a password stored in a file on your system or an electronic Password Manager.

Creating a Strong Password in 3 Easy Steps

  1. Make up a short sentence (or pass phrase) that you can remember. For example, you might choose “my dog jack is a golden retriever”. If your sentence is too long to type every time you log in, you can shorten it by removing the spaces. Or, just cut out some words:

    jackgoldenretriever

  2. Now, make it more complex by mixing upper and lowercase letters:

    JackGoldeNRetrieveR

  3. Finally, make it even more confusing to a would-be hacker by adding special characters that look somewhat like letters:

    J@ckG0ld3NR3tri3v3R

There you have it! A strong password that is easy to remember, but is long enough and has enough non-alphabet characters to make it very difficult to guess or crack using a brute-force or dictionary attack.

Positive Password Strategies

Keep your passwords secret - This may sound obvious, but it's the cornerstone of any password strategy. The rule of thumb is to treat your password with the same level of security you would the information it is protecting. Don’t share it with friends and family members. Children are especially vulnerable to giving up protected information to people they shouldn’t.

Restrict physical access to passwords - Assuming your password is sufficiently strong, a written password can only be compromised by someone who has physical access to it. This eliminates the armies of online hackers and snoopers that aren’t even in your local area. Don’t leave a written password anywhere that you wouldn’t leave the information it is designed to protect.

Never provide your password in e-mail - E-mail is not a secure method of information exchange. Messages are usually not encrypted and can be intercepted in transit. If you receive an e-mail message requesting you to supply or verify your password, it’s more than likely a fake “Phishing” scheme. Remember that a la mode will never ask you for your password in an e-mail or over the phone.

  Hint: Once you receive a password-reset e-mail message from us and gain access to your system, you should change your password immediately to something you’ve created.

Do not type passwords on computers that you do not control - Computers such as those in Internet cafés, computer labs, trade shows, airport lounges and other public access situations should be considered unsafe for purposes other than anonymous browsing. There are a variety of keystroke monitoring utilities that could be installed on a computer you don’t have physical control over.

  Hint: If you do have to type your password on a strange computer, go back and reset your password as soon as possible.

Password strategies to avoid

There are some passwords that meet the Strong Password standard, but are still easy to crack. Keep these caveats in mind when creating your password:

Avoid sequences or repeated characters - Although a password like “1234asDF” would pass the rule check as a strong password, the sequence of numbers and characters is too easy to guess, and a cracking program will try such patterns early.

Avoid your login name - Likewise, your e-mail address, any part of your name, birthday, social security number, or other personal information are bad ideas. These are the first things a hacker will try.

Avoid using a single dictionary word, even in a foreign language - Single words are vulnerable both to guessing (if the word has some known meaning to you) and to password cracking programs.

Don’t reuse the same password for access to multiple systems - If your password is compromised one place, the hacker then has access to any system you’ve protected with that one password.

Avoid storing your password in a file on your computer - Passwords stored unprotected in computer files are vulnerable if hackers gain access to the file. Also, whenever possible, avoid storing your passwords in keychain or password keeper type programs, as these, too, can be broken.
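The following is an added example, not part of the original document, that turns the Strong Password standard (8 to 128 characters, 3 of 4 character classes) and the caveats above into a checker. The sequence length of 4, the special-character alphabet size of 33, and the tiny word list are assumptions chosen for illustration; a real deployment would use a full dictionary.

```python
import math
import string

# Policy parameters taken from the document: 8 to 128 characters, 3 of 4 classes.
MIN_LEN, MAX_LEN, MIN_CLASSES = 8, 128, 3
CLASS_SIZES = {"lower": 26, "upper": 26, "digit": 10, "special": 33}  # printable ASCII
# Constructed stand-in for a real word list (assumption, not from the document).
DICTIONARY = {"password", "jack", "golden", "retriever", "welcome", "summer"}

def char_classes(pw):
    """Return the set of character classes present in pw (lower/upper/digit/special)."""
    kinds = {"lower": str.islower, "upper": str.isupper, "digit": str.isdigit}
    return {next((k for k, test in kinds.items() if test(ch)), "special") for ch in pw}

def meets_standard(pw):
    """The base Strong Password rule: length bounds plus at least 3 of 4 classes."""
    return MIN_LEN <= len(pw) <= MAX_LEN and len(char_classes(pw)) >= MIN_CLASSES

def keyspace_bits(pw):
    """Rough brute-force search space, log2(alphabet_size ** length)."""
    alphabet = sum(CLASS_SIZES[c] for c in char_classes(pw))
    return len(pw) * math.log2(alphabet)

def has_sequence(pw, run=4):
    """True if pw contains `run` characters that repeat or step by one ('1234', 'dcba', 'aaaa')."""
    codes = [ord(c) for c in pw.lower()]
    for i in range(len(codes) - run + 1):
        diffs = {b - a for a, b in zip(codes[i:i + run], codes[i + 1:i + run])}
        if diffs in ({0}, {1}, {-1}):
            return True
    return False

def weaknesses(pw, username="", email=""):
    """Apply the document's caveats on top of the base rule; return a list of problems."""
    problems = []
    if not meets_standard(pw):
        problems.append("fails the 8-128 character / 3-of-4 class rule")
    if has_sequence(pw):
        problems.append("contains a sequence or repeated run")
    low = pw.lower()
    personal = [p.lower() for p in (username, email.split("@")[0]) if len(p) >= 3]
    if any(p in low for p in personal):
        problems.append("contains the login name or e-mail address")
    if low.strip(string.digits + string.punctuation) in DICTIONARY:
        problems.append("is a single dictionary word with trimmings")
    return problems
```

Running weaknesses("1234asDF") shows that the password passes meets_standard yet is flagged for its sequence, while the worked pass-phrase password from the three steps above comes back with no problems.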

A Note on Virus Protection and Spyware

Install and keep current both your virus and spyware protection applications. Computer viruses and spyware are programs that can do anything the developer has designed them to do - including stealing your password! Some viruses sit quietly on your computer, monitoring everything you type, and then send this information back to the virus author. There it is mined for purposes ranging from compiling marketing lists to outright identity theft.

Virus scanning software is not enough, as it may not protect against spyware programs such as “browser optimizers”. These unethical programs get installed - without your knowledge - when you install free games or other software. They often masquerade as tools for “enhancing your web browsing experience.” In reality, they capture your personal contact information, monitor and record the websites you visit, capture the information you type in websites and then transmit the information back to be used by telemarketers. Since the software is installed directly on your computer, even SSL protected web sites (such as most online stores’ Shopping Cart or Checkout pages) provide no protection. Personal information and passwords are captured along with all other information.

Final Note

If you’re ever concerned that your password may have been compromised, contact our support department at (800) 211-4514 so we can take appropriate measures to locate the source of the unauthorized attempts on your account. If you have additional questions about the security of your XSite or the data it contains, please contact us at info@alamode.com.