Our Commitment to Security
We have established very strong safeguards to ensure that your account information is never disclosed. Your Ziffi account password is encrypted in a way which prevents them from being retrieved by anyone including all Ziffi employees. To ensure you feel comfortable using Ziffi we are disclosing the practices we use to keep your information secure. We will try to explain the technicalities in layman's terms.
There are two ways to encrypt a password:
- The first is to cryptographically hash your password. The resulting hash is irreversible and you cannot convert it back into a password. However, putting a password through the hashing algorithm will always result in the same hash.
- The second is to encrypt using a key. If you know the key you can decrypt the data.
In order to protect your account information we store only the hash of your Ziffi account password on our servers - not the password itself. Whenever you log into Ziffi your password is hashed and compared to what we have stored in order to authenticate you.
This security comes with a little inconvenience. If you forget your Ziffi account password, we can not retrieve it for you. An email will be sent to the registered email address on file with instructions on how to reset your password.
Security of Data Transmission
Also, we protect your account information by employing the industry standard 256 bit SSL (Secure Socket Layer) encryption for transfer of sensitive data from your browser to our servers.
Encryption is a process of scrambling information using random mathematical algorithms ensuring that only Ziffi servers can receive this information in an understandable format. SSL is a protocol developed by Netscape that enables a web browser and a web server to communicate securely. Security is provided in two different ways:
- authenticating the web server to the client using a digital certificate; and
- encrypting all information sent.
You can identify whether your Ziffi session is secure or encrypted when you see a padlock (some variation of the images shown on right) in the bottom or top of your browser window. Clicking on the padlock will also provide you with details on the Security Certificate pertaining to the encrypted session.
The combination of the Ziffi's SSL-enabled web server and a valid security certificate provides you with three things:
- Authentication: You can be assured that the company that installed the certificate is the true owner of the website.
- Message Privacy: Using a unique session key, SSL encrypts all information exchanged between your computer and our servers. This ensures that personal information cannot be viewed if intercepted by unauthorised persons.
- Message Integrity: The data cannot be tampered with over the Internet.
Data transmission of the Ziffi's main online forms is protected through the application of a SSL certificate provided by Comodo.
A security verification image such as one displayed at left will be on all our pages containing the secure forms. This will verify the authenticity and encryption procedures associated with securing your information.
The Comodo Web Server Certificate connects at 256 bit, 128 bit, 56 bit or 40 bit depending on your browser's capability.
The vast majority of computers use browsers more recent than Internet Explorer 6 or Firefox 2. If your browser is earlier than either of these, to secure the maximum 256 bit encryption provided by the Comodo Web Server Certificate we recommend that you update your browser.
This is nothing new and we're not revealing anything compromising about our security practices. We want to be open with our users and felt you should know what is being done to secure your data. Any security expert will vouch for the fact that this is exactly what we SHOULD be doing. Rest assured that your data is safe and we'll always do our best to keep it that way.