I am by no means a security expert, but my domain names are my company’s main assets, and as such, I do my best to protect them. I want to share some practical tips to help you keep your domain registrar account secure.
Unfortunately, I don’t know of any 100% failsafe way to protect your domain registrar account, but hopefully these general tips will help you out. As always, contact your domain name registrar if you have any questions about account security or if you have specific questions about your account.
Keeping your domain name accounts safe:
Enable two-factor authentication – If your preferred domain registrar offers some form of two-factor authentication, activate it. Some registrars give customers security keyfobs with changing codes, others send text message codes to log in, and others have special security questions they ask upon login. Whatever your registrar offers for enhanced security, you should activate it.
Choose secure passwords – Don’t use simple passwords or passwords with dictionary words in them, as they are too easy to figure out. Either choose long passwords with a mixture of numbers, letters, and characters, or use a third-party password generator service (like Norton’s Password Generator) to create a secure password.
Use different passwords – It’s best to use a completely different password for each of your domain registrar accounts. You should also use a different password for your email account to be extra safe.
Don’t click links in emails – It seems that most domain name thefts occur as the result of a successful phishing or spear-phishing campaign. People click a link they think is from their domain registrar, enter their information into the phishing website, and their account details are given to someone else. If your domain registrar really did email you, there will most likely be a corresponding note in your registrar account that you can use to verify the message.
Keep your Whois and contact details updated – You’ll want to receive email notifications if anything on your account changes. Having updated contact details in your Whois record is important. If you don’t receive an account update email, you may not know your domain name was stolen until it is too late.
If you suspect that a domain name or your registrar account was compromised, contact your domain registrar immediately and ask to speak with someone on the legal team or a supervisor. If you have an attorney, get him or her involved early in the situation. Time is of the essence when it comes to security issues, and you’ll want to make sure your account situation is handled with the utmost care.