Company takes precautions to reduce chances of domain theft after GDPR.
Domain name registrar Hexonet is taking two security precautions in preparation for GDPR, and I expect other registrars will implement similar changes.
First, it is turning on transfer lock for all domain names that aren’t ccTLDs. Customers can still unlock the domains to start a transfer. Any domain that is unlocked by a customer will automatically relock after 30 days.
Second, it is issuing new and stronger transfer authorization codes for domain names at the registrar.
The security is necessary because the transfer process for domain names is going to change once Whois records are obscured to comply with GDPR. Technically, transfers will not be able to proceed for thin-Whois domains like .com under the currently-approved ICANN rules if the gaining registrar can’t access the current owner’s email address. So some domain registrars are taking it into their own hands and are skipping a key step of the transfer process in which the gaining registrar gets approval from the current domain registrant. (Learn more about this here.)
This means it will be easier for someone who gains access to authentication codes to transfer domain names.