Latest security lapses are another reminder of why we need added security.
Security has always been a concern for domain registrants and is frequently cited in the Domain Name Wire survey near the top of the list as to what’s important in a domain registrar.
I think it’s time registrants demand better security from their registrar, or threaten to move their domain names.
An ideal layer of added protection is two-factor authentication. GoDaddy offers this to U.S. customers, and Name.com has a solution as well.
GoDaddy’s system sends you a text with an additional login code each time you log into your account. If someone learns your username and password but doesn’t have your phone, they can’t get in. (See video below for how this works.)
Name.com uses a system from Verisign that provides single use login codes on a mobile app or keyfob. This is similar to Gmail’s two factor authentication. You can see it in action here.
Some people don’t want the added burden of using two-factor authentication. That’s fine; registrars typically make it optional.
There are less intrusive forms of added security that registrars can use as well.
If I log in to my bank’s web site from a computer it doesn’t recognize (i.e., I haven’t been cookied on a prior visit), the website will ask me to confirm my security questions. If someone logs in from an unknown computer or suspicious location, the bank will send a text message to my mobile.
These added security tools cost money. But in a competitive domain registration market, customers can demand this added security from their domain registrar.