Websites that handle financial transactions should add Registry Lock to their domains.
Brian Krebs wrote this weekend about a recent attack on cryptocurrency services via the domain name registrar GoDaddy.
In at least two cases, it appears that attackers were able to either transfer a domain to another account and modify its nameservers or otherwise modify nameservers on the domain names.
Social engineering attacks on tech company employees are likely to become more common as people work from home. Registrars must remain vigilant.
Site owners also need to take precautions. Websites that handle financial transactions (including cryptocurrency transactions) should use Registry Lock.
Registry Lock is different from typical domain locking offered by registrars. Domain locking merely prevents a domain from being transferred unless someone logs in to the account and unlocks it.
Registry Lock is much more sophisticated. It’s a service offered by the domain name registries through the registrars. Most Registry Lock products prevent people from transferring a domain or changing its nameservers without going through a multi-step process that involves both the registrar and registry.
In the case of Verisign, which operates .com, a domain owner who wants to change their nameservers would first contact their registrar. This would trigger a process in which the registry manually verifies the request.
It’s not foolproof and could be overcome with social engineering. But it’s a good second layer of protection. And while the service is much more expensive than a domain name, it’s a minimal expense as part of a business’ security budget.
Not all registrars offer Registry Lock. GoDaddy does not currently offer the service.
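
One way to check which kind of lock a domain actually has, as an added example that is not part of the original article: it classifies a domain from the status values in an RDAP domain response. It assumes the registry implements Registry Lock by setting the three server-side EPP statuses (as Verisign's service does); the domain names and sample responses are constructed.

```python
import json

# RDAP spellings (RFC 8056) of the EPP status codes involved in domain locking.
REGISTRY_LOCK = {"server transfer prohibited", "server update prohibited",
                 "server delete prohibited"}
REGISTRAR_LOCK = {"client transfer prohibited"}


def classify_lock(rdap_doc):
    """Classify lock posture from the `status` array of an RDAP domain object."""
    statuses = {s.strip().lower() for s in rdap_doc.get("status", [])}
    missing = sorted(REGISTRY_LOCK - statuses)
    if not missing:
        level = "registry-lock"
    elif statuses & REGISTRY_LOCK:
        # e.g. transfer blocked at the registry but nameserver updates still allowed
        level = "partial-registry-lock"
    elif REGISTRAR_LOCK <= statuses:
        # can be lifted by anyone who controls the registrar account
        level = "registrar-lock-only"
    else:
        level = "unlocked"
    return {"domain": rdap_doc.get("ldhName", "?"), "level": level, "missing": missing}


def audit(docs):
    """Return findings for every domain that lacks a full registry-level lock."""
    return [r for r in map(classify_lock, docs) if r["level"] != "registry-lock"]


# Constructed sample RDAP domain objects (trimmed to the fields used here).
SAMPLES = json.loads("""
[
 {"ldhName": "pay.example", "status": ["client transfer prohibited",
   "server delete prohibited", "server transfer prohibited", "server update prohibited"]},
 {"ldhName": "wallet.example", "status": ["client transfer prohibited"]},
 {"ldhName": "exchange.example", "status": ["client transfer prohibited", "server transfer prohibited"]},
 {"ldhName": "blog.example", "status": ["active"]}
]
""")

if __name__ == "__main__":
    for finding in audit(SAMPLES):
        print(finding)
```

A domain reported as `partial-registry-lock` with `server update prohibited` missing is still exposed to the nameserver changes described above, even though transfers are blocked at the registry.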
William says
Anyone have a list of registrars that offer this?
Tom Jones says
We use it with Gandi.net because they offer it on many TLDs.
Michele Neylon says
Some registrars who offer it probably don’t advertise it, as it’s a manual process.
Andrew Allemann says
I imagine it’s not a money maker…more of a service to customers
patryk says
https://www.cloudflare.com/products/registrar/custom-domain-protection/
NameSilo says
At NameSilo, we are currently working to integrate this product. We’ll announce on our social media once launched.
Andrew Allemann says
How much will you charge?
NameSilo Team says
This feature is now live at NameSilo. The price is $12 per month.
NameSilo Team says
To clarify, our Registry Lock feature currently extends to Verisign TLDs (.COM, .NET, .CC & .TV).
Joey says
HEXONET.NET is offering it!
Joey says
https://www.hexonet.net/products/registry-lock
Mike Robertson says
Fabulous.com offers this; Executive Lock (E-Lock).
Steve says
Yup — been happily utilizing Fab’s Executive Lock for many years. Have never had a domain stolen.
Mike and his colleagues are great.
Michele Neylon says
We offer registry lock for any TLD (ccTLD or gTLD) that we are accredited for. The list on our side might not be 100%, so just ask if there’s one you want: https://www.blacknight.com/registry-lock/
Theo says
Registry locks start at 300 USD at Realtime Register and go up from there depending on your threat/risk level (can be very expensive).
https://realtimeregister.com/blog/riskreact-on-domain-name-security-domain-locks/