Following are answers to some of the most frequently asked questions about Allmythings. The questions are organized in categories for your convenience.
Can I run Allmythings on any computer?
Allmythings is a subscription service that is accessible through the Internet utilizing a web browser. Allmythings is designed to work with Internet Explorer 5.0 (or higher) or versions of Netscape 4.7. Allmythings should work with either browser and your operating system. Allmythings is also compatible with Mac OS 9.1 and above.
Is there a charge for using Allmythings after I have subscribed?
Depending on how you access the internet, you may be charged a fee by the service provider. However, once you have subscribed and paid the annual renewal fee, there is no additional charge for using Allmythings no matter how often you use it, or how many items you enter. You will be notified by email that your annual renewal will be charged to your credit card unless you tell us to cancel the service. If you require further information please email us at email@example.com
How can I contact Allmythings if I have not subscribed to the service?
You can contact us at firstname.lastname@example.org
Is on-line communications with Allmythings secure?
Yes. Security is one of the most important issues we faced in making this service available for our customers. We have taken strong measures to ensure that your information remains confidential.
The first step is the use of a secure browser. Certain browsers and certain computers have the ability to communicate securely by scrambling the information as it passes across the Internet. The method of communication is called SSL, or Secure Socket Layer. We require the use of a secure browser before a connection can be made to our system.
After you reach us using a secure browser, we take measures on our side to make sure your information is kept secure and confidential. Your information passes through a "firewall', which is a computer specifically designed to keep out unauthorized users. The information is also encrypted to ensure it can only be read by authorized people.
What is a browser and what does it do?
A browser is a software program that enables you to view Internet web pages on your computer screen. When you look at a web page, your browser translates HTML programming instructions sent over the Internet into the web pages you are accustomed to seeing. Some browsers are proprietary to an ISP (Internet Service Provider), others are not (Microsoft Internet Explorer, Netscape Navigator).
What makes one browser more secure than another?
Some browsers allow you to encrypt information, so that the information is scrambled as it passes over the Internet.
Some browsers offer more secure forms of encryption than other browsers do.
Even the same version of a browser can come with different levels of encryption. Netscape Navigator 3.0, for example, comes with either 40-bit encryption or the more secure 128-bit encryption.
What is encryption?
Encryption is the process of converting information into a more secure format for transmission. In other words the plain text is converted to scrambled code while being transmitted, and then decrypted back to plain text at the receiving end of the transmission.
It is comparable to writing a letter, converting it to code, putting it in an envelope and mailing it with the recipient de-scrambling the code.
Currently, there are 2 levels of encryption generally available in web browsers: 40-bit encryption, and 128-bit encryption. The 128-bit browser offers the highest level of encryption generally available in North America today and provides the best protection when transmitting confidential data over the Internet.
When using Allmythings on-line all your communications are encrypted.
What is the difference between 128-bit and 40-bit encryption?
The difference between these two types of encryption is one of capability. 128-bit encryption is exponentially more powerful than 40-bit encryption.
40-bit encryption means there are 2 to the 40th (over a trillion, or a 1 followed by 12 zeros) possible keys that could fit into the lock that holds your account information.
128-bit encryption means there are 2 to the 88th (a three followed by 26 zeroes) times as many key combinations than there are for 40-bit encryption. That means a computer would require exponentially more processing power than for 40-bit encryption to find the correct key.
How can I determine what level of encryption my browser supports?
Netscape Navigator for Windows lists its security level in its Help menu, under About Netscape. In the Mac version, it is listed under the Apple icon. In the section marked RSA Encryption, a sentence in bold describes either US or International security. The US refers to 128-bit and International to 40-bit encryption.
If you have a Netscape Navigator browser, the level of encryption you are currently using can be seen on your screen. When you visit an area of the site that does not require encryption, your browser will display the symbol of a broken key against a light blue background in the bottom left-hand corner of your screen.
If your browser supports the 40-bit encryption feature, when you enter into an area of the site that requires 40-bit encryption, your browser will display the symbol of a solid (unbroken) key with one tooth against a dark blue background in the bottom left-hand corner of your screen. A browser with this feature will not be able to enter areas of the site that require 128-bit encryption.
If your browser supports the 128-bit encryption feature, when you enter into an area of the site that requires 40-bit encryption, your browser will display the symbol of a solid key with one tooth against a dark blue background in the bottom left-hand corner of your screen. When you enter into an area of the site that requires 128-bit encryption, your browser will display the symbol of a solid key with two teeth against a dark blue background in the bottom left-hand corner of your screen.
How can I set the level of encryption on Microsoft Explorer?
For Microsoft Internet Explorer, click on 'File', then 'Properties', then select the 'Security' tab. From there scroll down to 'Security Strength'. If you are not sure, we encourage you to download and register the most current version of this software. Be sure to specify the 128-bit version from the list of available software that can be downloaded.
Microsoft displays the icon on the lower right corner of the browser. For a secure environment, Microsoft Internet Explorer (any version) uses a closed padlock; there is no icon for an unsecured environment. Microsoft Internet Explorer does not distinguish between 40-bit and 128-bit encryption on the browser screen.
Although 128-bit encrypting browsers are available for download under certain circumstances, the availability and means of doing so are changing daily. We encourage you to check with your browser provider in respect to the current status.
How can I maximize the security of my browser for Microsoft Explorer?
Make sure that your browser's safety level is set to 'High'. This selection ensures that Internet Explorer will only download signed or certified code to your computer. Select 'View' from the menu bar on top of your browser and then select 'Options'. When the 'Options' screen opens, you will see a series of tabs at the top. Select the 'Security' tab. Then, select the 'Safety Level' button near the bottom of that screen. The screen that opens will allow you to set your security level to high.
You can take advantage of the features that alert you when an ActiveX control, which is a type of program that can be downloaded from the Internet, is about to be downloaded onto your computer. It's a good idea to find out about the publisher or Web site by clicking on the information provided on the security certificates presented before you download an ActiveX program. When presented with certificates from unknown Web sites or publishers, exercise caution.
Most certificates give you the option to turn off future certification notices. Do not select this option if you wish to carefully monitor the source of the programs that you download onto your computer.
You have several other options on the 'Security' tab that allow you to choose what types of software can be downloaded onto and run on your computer. If you are particularly concerned about safety, you can choose to: not allow the downloading of ActiveX content; disable ActiveX controls and plug-ins; not run ActiveX scripts; or disable Java programs.
To make any of these selections, uncheck the boxes at the bottom of the 'Security' tab within the 'Options' menu of your Internet Explorer browser.
How can I maximize the security of my browser for Netscape Navigator?
If you use the Netscape Navigator browser to download programs from the Internet, you should know that Netscape will only accept an ActiveX control if you choose to purchase a plug-in. Plug-ins are software programs that extend the capabilities of Netscape Navigator in a specific way. For example, one of the plug-ins that allows you to accept ActiveX controls is NCompass ScriptActive(tm).
If you previously purchased and installed this plug-in and are particularly concerned about security, these are the steps you can take to disable this plug-in. First, go to 'Options' in the menu at the top of your Netscape browser and select 'General Preferences'. On the 'General Preferences' screen select the 'Helpers' tab. You can then remove the plug-in from your Helper menu list.
If you download programs from the Internet onto your computer, it's a good idea to find out about the program's publisher or web site. Additionally, you may want to only download programs from known or reliable sources.
If a security certificate is presented to you when downloading a program from the Internet, you may be given the option to turn off future certification notices. Do not select this option if you wish to carefully monitor the source of the programs which you download onto your computer.
What is a firewall and what does it do?
An Internet Firewall is made up of a combination of hardware and software, which is designed to securely separate the Internet from internal computer systems and databases. At Allmythings, data coming from customer computers via the Internet flows through a series of safety check points on its way to our internal systems. Data is encrypted between the customer and internal systems to protect it from unauthorized disclosure or modification.
What does security on the Internet mean?
Security on the Internet means that transmissions sent from one source to another maintain their confidentiality and integrity.
Confidentiality means that unauthorized users cannot read any transmissions sent from one party to another.
Integrity means that messages are not altered during transmission.
What steps has Allmythings taken to ensure the privacy and security of your information on its Web Site?
Our top priority is to protect the confidentiality and integrity of our customer's information. We have ensured that the appropriate safeguards have been implemented each step of the way. These safeguards include:
- encryption - all applications and other communications requesting confidential information (i.e. anything other than your name, address, telephone number and e-mail address) must be set up in a secure environment on our site, transmitted to us securely through the use of encryption and maintained in a secure format upon receipt by us.
- firewalls - Allmythings has an Internet firewall designed to securely separate the Internet from our internal computer systems and databases. Data coming from customer computers via the Internet flows through a series of safety check points on its way to our internal systems so that only authorized messages and transactions enter our computer systems.
- monitoring - Allmythings monitors all internal systems to ensure that there has been no security attack or attempted break-in. We also arrange for regular independent security checks on our computer systems to ensure our high standards are being complied with.
can I do to protect my accounts and personal information while
using an online service?
You also play a role in maintaining the security of your information.
Encrypting your data is the best way to ensure your privacy is
protected while using the Internet. Become familiar with the level
of encryption of your browser and if necessary, upgrade for greater
protection. Here are some additional things you can do:
- Use the built-in security features of your browser. Choosing certain security settings and options will help protect your accounts and personal information. For more information, look at our detailed instructions on how to maximize the security of your browser or review your browser documentation.
- Protect your password by choosing one that is difficult to guess. Avoid words that may be found in the dictionary, as these are easy to guess.
- Change your password regularly.
- Do not share your password with anyone.
- Never write your password down or store it in your computer where it is automatically replayed. If someone walked up to your PC and replayed your logon sequence including a stored password, then they can connect as if they were you.
- Always key in your password yourself for each logon to Allmythings.
- Remember to sign off when you are finished using Allmythings.
For more details on effective password management see the section below.
Can other people view my personal information when using the web?
Yes and no. If you have encrypted your data, then it cannot be viewed while it is being transmitted. However your browser will store your information in memory (cache) after it has been sent. Some sites that you visit after ours may search this memory and obtain information that you haven't intended to provide. To protect yourself from this clear the cache after visiting any secure site.
How do I clear my cache?
Since the process required to clear the cache differs from one browser to another, please refer to your browser help files for details.
Does Allmythings support beta versions of browsers?
Not officially, as we don't formally test them.
Are E-mail transmissions secure?
Only if encryption is used to protect them. Please refer to your email program help files to determine if encryption is available.
Are there alternatives to applying on-line?
At this time Allmythings will only accept applications on-line.
Is it safe to give your credit card number when subscribing to Allmythings over the Internet?
The encrypted and secure environment is as safe as we can make it, because we conform to the Secure Electronic Transaction (SET) protocol, jointly developed by Visa and MasterCard. It has been extensively tested.
SET relies on key parties in a credit card transaction each having a digital certificate, which allows their identity to be authenticated by other parties in the transaction. The key parties are the cardholder, the merchant and the payment gateway. Each of these parties must also have specific software that corresponds to the SET protocol. Numerous SET tests are underway around the world.
What is a cookie?
A cookie is a small file containing certain pieces of information that a Web site creates when you visit the site. Cookies can track how and when you use a site, and which site you visited immediately before, and they can store that information about you.
There are two common types of cookies, session cookies and persistent cookies. Session cookies store information only for the length of time that you are connected to a Web site - they are not written onto your hard drive. Once you leave the Web site, the originator of the cookie no longer has the information that was contained on it.
The information stored in persistent cookies is written onto your hard drive and remains there until the expiry date of the cookie. Currently, most browsers do not distinguish between session cookies and persistent cookies.
Allmythings does not use session cookies or persistent cookies. Therefore, you can set your browser to not accept cookies without impacting your visit to Allmythings. As a general recommendation, if you enable your browser to accept cookies while you are surfing other Web sites, we recommend that you enable your browser to notify you when it is receiving a cookie. This gives you the ability of accepting or rejecting any cookie presented by the Web server you are visiting.
The Allmythings server will monitor your IP address and your session ID, which are created at the beginning of your session. This ensures that we are always dealing with just you throughout a login period. We rely on you keeping your user ID and password safe between sessions.
Can I change my web password at any time?
Although you are not required to change your Web Password on a regular basis, Allmythings recommends that for security purposes you should periodically change your password.
How do passwords help protect confidentiality?
One of the easiest and most effective access control methods is the use of passwords. Although passwords are a convenient way of protecting system access, users often defeat the security measures by carelessness or improper use. It is therefore necessary for all system users to strengthen passwords and ensure their confidentiality at all times.
Keep your password safe as you would the key to your house. Your password is what stands between an intruder and your data.
How can I avoid using weak passwords?
There is a tendency to select a password that are easily guessed. Often a user selects a password based on memorable dates, dictionary words, first names, last names, streets, cities, sports teams, car license numbers, addresses, social security numbers or telephone numbers.
Although this seems harmless, such passwords are inherently weak because they can be anticipated and easily guessed by an impostor. Someone trying to guess your password will try your name, date of birth, nickname and those of your spouse and children. A more enterprising impostor may gather a substantial collection of candidates from dictionaries and mailing lists and search them for your password. At 1 millisecond per possible password choice, it takes less than 4 minutes to search a 250,000 word commercial dictionary.
How can I improve the strength of my password?
A password offers no protection to any system or data if it can be guessed easily. Ideally, passwords should be easy to remember by the user but hard to guess correctly by anyone else. By applying the suggested password selection procedure listed below, and ensuring password confidentiality, one can considerably improve the strength of a chosen password.
1. Choose a string of alphabetic characters that is easy to remember using one of the following techniques.
- Type a common word, but shift your hands up or down one or two rows on the keyboard. For example shifting down one row on the keyboard changes "TUESDAY" to "GJDXCZH".
- Move over one letter on the keyboard for each character; "TUESDAY" becomes "YURDFSU".
- String words together to form one word, like "ITSABOY".
- Use synonyms/antonyms for syllables like "SNOWMILK" for "ICE CREAM".
- Use phonetics ("CHRIS" becomes "KRIS") or reversal ("MIKE" becomes "EKIM").
- Create an acronym from an expression. For example, take the first letter of a common expression, such as "go with the flow" to make the acronym "GWTF". Or take only some letters from an expression, such as "Lazy days and mondays always get me down!" to form the acronym "LZDAMGMD".
2. Choose a string of at least 1 or more numbers that is easy to remember and insert it somewhere in the password.
3. Using some rule that you create, combine the string of alphabetic characters with the string of numbers to create an alphanumeric string. This alphanumeric string should be at least 5 characters long. Using this procedure, one might select, say "CARL" and "129". A possible resulting password could be 1C2AR9L, which is much less obvious than either of the easily remembered sequences.
What other tips should I consider when choosing my password?
- DO NOT SHARE YOUR PASSWORD WITH ANYONE.
- CHANGE YOUR PASSWORD REGULARLY.
Change your passwords at least once per month, or more frequently for highly-sensitive data, to make it harder for someone to gain unauthorized access.
- USE A UNIQUE PASSWORD FOR EACH SYSTEM.
Always use a different password for each system you access.
- IF COMPROMISED, CREATE A NEW PASSWORD.
If you suspect that your password has become compromised, choose a new one immediately.
- IF WRITING IT DOWN, SECURE IT.
It is strongly recommended that you NOT write down your password. However, if you really must record your password, it should be done in a form recognizable only to you and kept in a secure place. Even in an obscured form, the written record provides clues that someone could use to "break" your password.
- DO NOT STORE YOUR PASSWORD ON THE COMPUTER.
Passwords should not generally be stored in the computer. Function keys should not be programmed with your password to complete a sign-on procedure.
- PROTECT YOUR PASSWORD IN DEMOS.
Do not use your regular passwords for demonstration purposes. Instead, change it to a temporary password before giving the demonstration.
What if I can't remember my Web Password and/or my access has been locked?
Please email us email@example.com
I have received an error while logging on. What do I do?
Your account information is incorrect please email us at firstname.lastname@example.org