Why does a la mode recommend a "strong" password?
Document 7009
Revised 09/01/2011 MPK


Your a la mode username and password - also called your a la mode login - are the keys to all of your a la mode products and online services. If criminals or other malicious users steal or guess your password, they gain access not only to your online products, but to the private data of your customers as well.

 
 

 

In the past, we required you to have a "strong" password, which meant it had to be at least 8 characters long and contain at least 3 of the following: lowercase letters, uppercase letters, numbers (0-9), and special characters (!, @, $, %, etc.).

  • If you change your password using our online account management at http://www.alamode.com/myaccount, we no longer require a strong password. Just remember that the password you set up here carries through to your XSite and any other products or services.
  • If you change your password in the User Management portion of your XSite, you may still be required to use a strong password.

If you decide to use a strong password, this document has some tips for making a good one that is easy to remember and type.

     
  If you ever forget your password, just click the Forgot Password link on the login page. You'll either be prompted with a security question you've answered before or sent a link to the e-mail address associated with your account that will let you enter a new password.  
     

 

Creating a Strong Password in 3 Easy Steps

  1. Make up a short sentence - or pass phrase - that you can remember. For example, you might choose “my dog jack is a golden retriever”. If your sentence is too long to type every time you log in, you can shorten it by removing the spaces. Or, just cut out some words: jackgoldenretriever
  2. Now, mix the upper and lowercase letters: JackGoldenRetriever
  3. Finally, make it even more confusing to a would-be hacker by adding special characters that look somewhat like letters: J@ckG0ld3nR3tr13v3r

There you have it! A strong password that is easy to remember, but is long enough and has a mixture of non-alphabet characters to make it very difficult to guess or hack using a brute force dictionary attack.

Positive Password Strategies

Keep your passwords secret - This may sound obvious, but it's the cornerstone of any password strategy. The rule of thumb is to treat your password with the same level of security you would the information it is protecting. Don’t share it with friends and family members. Children are especially vulnerable to giving up protected information to people they shouldn’t.

Restrict physical access to passwords - It's okay to write down your password. Just don't leave it somewhere near the sensitive data it's supposed to protect.

Never provide your password in e-mail - E-mail is not a secure method of information exchange. Messages are usually not encrypted and can be intercepted in transit. If you receive an e-mail message requesting you to supply or verify your password, it’s more than likely a fake “Phishing” scheme. Remember that a la mode will never ask you for your password in an e-mail or over the phone.

Do not type passwords on computers that you do not control - Computers such as those in Internet cafés, computer labs, trade shows, airport lounges and other public access situations should be considered unsafe for purposes other than anonymous browsing. There are a variety of keystroke monitoring utilities that could be installed on a computer you don’t have physical control over.

     
  Hint: If you do have to type your password on a strange computer, go back and reset your password as soon as possible.  
     

Password strategies to avoid

There are some passwords that meet the Strong Password standard, but are still easy to crack. Keep these caveats in mind when creating your password:

Avoid sequences or repeated characters - Although a password like ‘111111aB’ would pass the rule check as a strong password, the sequence of numbers and characters is too easy to guess or to run a cracking program against.

Avoid your login name - Likewise, your e-mail address, any part of your name, birthday, social security number, or other personal information are bad ideas. These are the first things a hacker will try.

Avoid using a single dictionary word – even in a foreign language - Single words are vulnerable to both guessing - if the word has some known meaning to you - and to password cracking programs.

Don’t reuse the same password for access to multiple systems - If your password is compromised in one place, the hacker then has access to any system you’ve protected with that one password.

Avoid storing your password in a file on your computer - Passwords stored unprotected in computer files are vulnerable if hackers gain access to the file. Also, whenever possible, avoid storing your passwords in keychain or password keeper type programs, as these, too, can be broken.
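The following Python sketch is an added example, not a la mode's own code: it implements the "strong" rule stated earlier in this document and flags two of the caveats above (repeated or sequential characters, and the login name inside the password). The run and sequence thresholds, the use of ASCII punctuation as "special characters", and the sample login jsmith@example.com are assumptions.

```python
import re
import string

SPECIALS = set(string.punctuation)  # assumption: "special" = ASCII punctuation

def meets_strong_rule(password):
    """Rule from this document: 8+ characters, 3 of the 4 character classes."""
    classes = [
        any(c.islower() for c in password),
        any(c.isupper() for c in password),
        any(c.isdigit() for c in password),
        any(c in SPECIALS for c in password),
    ]
    return len(password) >= 8 and sum(classes) >= 3

def longest_run(password):
    """Length of the longest run of one repeated character (111111 -> 6)."""
    return max((len(m.group(0)) for m in re.finditer(r"(.)\1*", password)), default=0)

def longest_sequence(password):
    """Length of the longest ascending or descending run (abcd, 4321 -> 4)."""
    best = run = 1 if password else 0
    step = 0
    for prev, cur in zip(password, password[1:]):
        diff = ord(cur) - ord(prev)
        if diff in (1, -1) and prev.isalnum() and cur.isalnum():
            run = run + 1 if diff == step else 2
            step = diff
        else:
            run, step = 1, 0
        best = max(best, run)
    return best

def review(password, login=""):
    """Return (passes_rule, warnings) for one candidate password."""
    warnings = []
    if longest_run(password) >= 3:        # threshold is an assumption
        warnings.append("repeated characters")
    if longest_sequence(password) >= 4:   # threshold is an assumption
        warnings.append("character sequence")
    name = login.split("@")[0].lower()    # local part of an e-mail style login
    if len(name) >= 3 and name in password.lower():
        warnings.append("contains login name")
    return meets_strong_rule(password), warnings

if __name__ == "__main__":
    # Constructed samples; the first and third passwords appear in this document.
    for pw, login in [("111111aB", ""), ("Jsmith2011", "jsmith@example.com"),
                      ("J@ckG0ld3nR3tr13v3r", "")]:
        print(pw, review(pw, login))
```

A password that returns `True` with a non-empty warning list is exactly the case this section describes: it satisfies the rule check but should still be rejected or changed.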

A Note on Virus Protection and Spyware

Install and keep current both your virus and spyware protection applications. Computer viruses and spyware are programs that can do anything the developer has designed them to do - including stealing your password! Some viruses sit quietly on your computer, monitoring everything you type, and then send this information back to the virus author. There it is mined for purposes ranging from compiling marketing lists to outright identity theft.

Virus scanning software is not enough, as it may not protect against spyware programs such as “browser optimizers”. These unethical programs get installed - without your knowledge - when you install free games or other software. They often masquerade as tools for “enhancing your web browsing experience.” In reality, they capture your personal contact information, monitor and record the websites you visit, capture the information you type in websites and then transmit the information back to be used by telemarketers. Since the software is installed directly on your computer, even SSL protected web sites (such as most online stores’ Shopping Cart or Checkout pages) provide no protection. Personal information and passwords are captured along with all other information.

Final Note

If you’re ever concerned that your password may have been compromised, contact our support department at (800) 211-4514 so we can take appropriate measures to help you secure your account. If you have additional questions about the security of your data, please contact us at info@alamode.com - but remember: don't include your password in such an e-mail!