Is the NZPFU Members Zone secure?
We have installed a Domain Validated SSL Certificate to protect the NZPFU Members Zone. SSL (Secure Sockets Layer) is the industry standard for web security.
SSL is a protocol used for secure and encrypted communication between computers. Our SSL Certificate validates this website’s identity, and encrypts the information members send to, or receive from, the NZPFU Members Zone. This keeps any undesirables from spying on any exchange between the Union and our members. With a SSL Certificate protecting our secure forum and private members blog, members can rest assured that the information they enter on any secured page is private and can’t be viewed by a third party. A SSL Certificate also inspires trust and shows members that we value their privacy.
SSL is best known by the green padlock and the HTTPS that pops up in the URL bar of your browser when a valid SSL certificate is installed. When a visitor to your website sees these two things, they are reassured knowing that their information is being encrypted.
But is 256-bit encryption enough?
We think it’s more than enough. To crack a 256-bit encryption key by brute-force, there would be 2256 possible combinations – a hacker would need to try most of the 2255 possible combinations before arriving at any conclusion. On paper, 2256 may seem like just a number, but don’t underestimate its power. 256-bit will have 115,792,089,237,316,195,423,570,985,008,687,907,853,269,984,665,640,564,039,457,584,007,913,129,639,936 (78 digits) possible combinations. No Super Computer on the face of this earth can crack this.
DigiCert estimate that standard desktop computing power would take 4,294,967,296 x 1.5 million years to break a 2048-bit SSL certificate. Or, in other words, a little over 6.4 quadrillion years.
How can I verify that the NZPFU Members Zone is safe?
When a member enters an SSL-protected page of the NZPFU Members Zone, their browser bar displays a padlock icon and the https:// prefix in the URL address. For example: https://members.nzpfu.org.nz.
What other server security measures have you employed?
Our host protects against brute force attacks at both the site and server level.
Our security systems use intelligent IP blocking to detect and block intruders across our network within seconds. At site level, the NZPFU Members Zone has a plugin installed to block repeatedly failed login attempts – this is highly effective at making brute-force attacks difficult or even impossible to perform.
Can the NZPFU see my password?
No. Your password is encrypted and cannot be viewed.
Are there other security risks?
It is a breach of our Rules of Entry and Communication to forward, copy or display the issues and conversation outside of the forum.
- We recommend and require that you set a complex password. You should use a combination of one lowercase letter, one uppercase letter, and one number (minimum 8 characters).
- We also recommend that you do not choose a username you wish to keep private. This is because your username is used in the URL linking your User Profile.
Will the topics and any replies I post be anonymous?
No. All topics and replies will be attributed to your Display Name (this is your full name and not your user name).
Why must I register using my Fire and Emergency e-mail address?
This is required for our verification checks. You are welcome to change the e-mail address associated with your account after your registration is approved.
Who are the moderators?
It’s no secret who our moderators are. Our current moderators and their allocated forums will always be available to logged in members here.
How were the moderators chosen?
Most moderators are elected Officials or Subject Matter Experts. Additionally, we distributed two Notices to Members on 14 February 2019 and 9 March 2019 calling for additional members to become moderators. All those members who put their hands up are being utilised to support the forum.
