Domain owners should be concerned about their own security precautions, not just that of domain registrars.
Ever do something really stupid? That was me last night.
I had a couple passwords for brokerage accounts at home that I wanted to access from my laptop. I know it’s not a great idea to send passwords via email, so I sent a cryptic email to myself that included two account login IDs and partial passwords.
There was just one problem. When I typed the email out to myself, I somehow managed to send it to a distribution list with over 1,000 people. So much for auto-complete.
Practically speaking it wasn’t that bad, since the email didn’t identify much about the accounts. Upon learning of my mistake, I immediately changed the account usernames and passwords. More than anything, I’m just red in the face. Kind of like what happens when you forget to bcc an email.
When it comes to domain registrar security, we often point the finger at registrars for not storing passwords correctly, not passing logins through secure connections, etc. These are all important, but keep in mind that the most likely cause of a security breach is you.
Here are some password and security tips:
1. Don’t use the same password at various domain sites, such as forums, registrars, and subscription services. If one is compromised, the hackers will try them at different sites.
2. Use strong passwords. A friend who worked at an utility told me something like 80% of all passwords customers entered were “password” or “jesus”.
3. Change your passwords frequently. Have a routine schedule for making changes.
4. Don’t send your passwords out to mailing lists 🙂