Security Policy

DNS Security

We support DNSSEC. All records within our DNS domain are signed using public-key cryptography, allowing clients which support DNSSEC to verify that the DNS information they receive is legitimate.

Encryption of web traffic

All traffic between your browser and our web servers is encrypted using ECDSA with SHA256. Any requests made over unencrypted HTTP connections are automatically redirected to the secure HTTPS version. We support the HTTP Strict Transport Security (HSTS) protocol and enforce a minimum TLS version of 1.0 (with TLS 1.3 available).

Caching and Firewalls

We use Cloudflare to provide global caching and firewall services. Publicly available information may be stored on Cloudflare servers to enable fast response times for website visitors. All traffic between Cloudflare and our origin web server is fully encrypted. Cloudflare also protects our web servers from attack by hiding our web servers' IP address, filtering requests, challenging suspicious activity, and blocking recognised threats.

Encryption of passwords

All passwords are salted and hashed using a one-way hash algorithm. There is no way we can determine what anyone’s password is.

Credit Cards

All credit card information is handled by our credit card payment gateways – Stripe or PayPal. At no stage is any credit card information stored by our servers – even temporarily. We only receive confirmation of transactions and corresponding transaction numbers.

Password Policy

We do not currently enforce minimum password requirements or force users to change their passwords periodically. This is your responsibility. We do offer two-factor authentication (2FA) to AFA members who wish to add another level of security.