App-based authentication is better than SMS authentication.
Two-factor authentication is a must-have to improve the security of your domain name registrar accounts. Most major domain registrars offer it now. If yours doesn’t, it’s time to change registrars.
There are two main types of two-factor authentication in use today:
1. SMS based. When you enter your username and password you receive a text message with a one-time verification code that you enter in your browser.
2. App based. After you enter your username and password you open an app to get a one-time code.
While most registrars started with an SMS approach, more are offering the app-based approach. You should consider enabling app-based authentication.
SMS authentication has a couple of issues. First, text messages aren’t always reliable since you’re dealing with mobile phone networks. Second, people are starting to crack them.
I recently set up app-based authentication with GoDaddy and prefer it to the text messages I used to receive. The only downside is when you need to authenticate in its app; you need to go back to the authenticator app and remember the code instead of having the SMS pop up over the app.
The most popular two-factor app is Google’s Authenticator app. You can get codes for all of your accounts (GoDaddy, Uniregistry, eNom, etc.) on one screen.
I hope that registrars add support for security keys soon, too.
For added security against domain theft, check if your registrar offers added security checks. If you spend enough money with GoDaddy to have an account manager, you can have them call to verify transfers before they leave your account.
John Harrison says
My SMS codes weren’t coming through at all for some weird reason. I had to disable 2-factor to access my account which was a complete ball-ache. I kept it off for a while before enabling the Google authenticator which is so so much better, save having to remember the code.
Brad says
Make sure to print out your qr codes and keep them in a safe place in case you lose your phone.
Does anyone know if you back up your phone and then restore it to a new phone, will the authenticator still work?
Jeremy Leader says
If you switch to a new phone, you’ll probably have to re-synch the authenticator app, which is similar to setting it up in the first place (you have to log in using a backup code or the old phone, then give two consecutive tokens from the new phone, usually).
Andrew Allemann says
That’s true. How often do you switch phones?