Questions regarding account security, can be addressed to onXmaps support, who will forward the inquiry on to our security team.
Responsible Disclosure Policy
onXmaps users are responsible to protect the security of their account. To assist in protecting your account, we offer these suggestions:
Shor, or simple passwords are easy for modern machines to guess. To avoid compromise due to password guessing:
- Use passwords that are easy to remember, but hard to guess.
- Use a password in excess of 10 characters.
- Consider using a memorable sentence with words separated by non-alphabet characters such as “boulder-crawling-with-my-four-X-four” or “remember2bring-bearspray4the-kids!”.
- Avoid re-use of passwords from other websites, as compromise of one account may lead to compromise of the other.
- Do not share your password with anyone, as you will lose control over whether they share it with someone else!
- Consider the use of a password manager native to your device. This will allow you to set a very strong password, without concern of having it forgotten.
- Consider changing your password on occasion
Watch for Phishing and Fraudulent Sites
Scammers may entice you to compromise your own account or payment information by pretending to be a representative of onXmaps. onXmaps personnel will not contact you to ask for your password or account information. If something sounds suspicious, engage us directly instead by using our official support contact information, helpdesk site, or payment forms on our secure and validated sites. Take care to not enter your account information in a site that appears to be mimicking onXmaps, such as from an unfamiliar domain.
Mobile Device Security
To protect mobile application data, secure your phone with a pin code or biometric lock. An attacker with access to your phone may be able to retrieve your saved password from your profile, or be able to inspect application data stored on the device.
Monitor Account Activity
Users familiar with their own accounts will be able to notice unusual activity such as markups being added or modified.
Ensure the email address associated to your account is current and accessible to you in the event it is needed for password recovery. Monitor email addresses related to your account for password reset notifications, or changes to subscriptions that may indicate your account is being targeted.
If you suspect any unauthorized activity, reset your password and consider contacting support to allow us to investigate.