Latest security lapses are another reminder of why we need added security.
We are constantly reminded that thieves want to hack into our domain registrar accounts and steal our domains.
Security has always been a concern for domain registrants and is frequently cited in the Domain Name Wire survey near the top of the list as to what’s important in a domain registrar.
I think it’s time registrants demand better security from their registrar, or threaten to move their domain names.
An ideal layer of added protection is two-factor authentication. GoDaddy offers this to U.S. customers, and Name.com has a solution as well.
GoDaddy’s system sends you a text with an additional login code each time you log into your account. If someone learns your username and password but doesn’t have your phone, they can’t get in. (See video below for how this works.)
Name.com uses a system from Verisign that provides single use login codes on a mobile app or keyfob. This is similar to Gmail’s two factor authentication. You can see it in action here.
Some people don’t want the added burden of using two-factor authentication. That’s fine; registrars typically make it optional.
There are less intrusive forms of added security that registrars can use as well.
If I log in to my bank’s web site from a computer it doesn’t recognize (i.e., I haven’t been cookied on a prior visit), the website will ask me to confirm my security questions. If someone logs in from an unknown computer or suspicious location, the bank will send a text message to my mobile.
These added security tools cost money. But in a competitive domain registration market, customers can demand this added security from their domain registrar.
Brian Diener says
I used to have the fob for my papyal account and enjoyed the additional security. The namesafe app looks great, I just downloaded it. More domain registrars should offer it.
Bari says
eNom offers Account Validation. It’s easy and it’s free! When you enable the Account Validation feature, you create a second level of verification to protect against unauthorized access and/or changes to your eNom account.
For more information click here:
http://www.enom.com/account-security/account-validation-overview.aspx?
Any additional questions, feel free to email me directly!
Robyn says
Domain security is a top priority at Dynadot and we also offer two-factor authentication for all accounts. In addition to our account lock feature, we have SMS authentication for customers without a smartphone and a token authentication app for those with a smartphone. Both of these features generate a security code and send it to the user’s phone. You can find out more on our security page: http://www.dynadot.com/domain/security.html
And you can always feel free to email me or our awesome customer service team with questions!
Raymond Hackney says
I have been saying this for awhile good post Andrew and I am really glad you posted it because I had no idea about Enom or Dynadot having these features.
Ms Domainer says
*
I have verification set up with Go Daddy; it can be a pain in the posterior, but it’s much better than trying to deal with a stolen domain.
*
Observer says
I hope Godaddy will do it for foreign customers asap.
Meyer says
Don’t you think this is something the registrars should have instituted 7-10 yrs ago?
Moniker use to be the most trusted registrar when Monte was around. But, I believe they lost domainer’s confidence over the years.
And, it was widely known Godaddy was the hijacker’s favorite registrar for years.
I hope more registrars start taking security seriously.