5 Tips to Keep Your Domain Registrar Account Secure

I am by no means a security expert, but my domain names are my company’s main assets, and as such, I do my best to protect them. I want to share some practical tips to help you keep your domain registrar account secure.

Unfortunately, I don’t know of any 100% failsafe way to protect your domain registrar account, but hopefully these general tips will help you out. As always, contact your domain name registrar if you have any questions about account security or if you have specific questions about your account.

Keeping your domain name accounts safe:

Enable two-factor authentication – If your preferred domain registrar offers some form of two-factor authentication, activate it. Some registrars give customers security keyfobs with changing codes, others send text message codes to log in, and others have special security questions they ask upon login. Whatever your registrar chooses for enhanced security, you should activate this.

Choose secure passwords – Don’t use simple passwords or passwords with dictionary words in them, as they are too easy to figure out. Either choose long passwords with a mixture of numbers, letters, and characters, or choose a third party password generator service (like Norton’s Password Generator) to choose a secure password.

Use different passwords – It’s best to use a completely different password for each of your domain registrar accounts. You should also use a different password for your email account to be extra safe.

Don’t click links in emails – It seems that most domain name thefts occur as the result of a successful phishing or spear phishing campaign. People click a link they think is from their domain registrar, enter their information into the phishing website, and their account details are given to someone else. If your domain registrar emails you, there will most likely be a note in your registrar account to verify.

Keep your Whois and contact details updated – You’ll want to receive email notifications if anything on your account changes. Having updated contact details in your Whois record is important. If you don’t receive an account update email, you may not know your domain name was stolen until it is too late.
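One way to audit the contact emails in a Whois record, as an added example that is not part of the original post: it pulls the registrant, admin and tech addresses out of a record and flags any that sit on a domain you do not control, including near-miss spellings of one you do. The sample record and the trusted domain are constructed, and the field labels assume the common gTLD Whois layout.

```python
import re

# Constructed WHOIS output for illustration; labels follow the common gTLD layout.
SAMPLE_WHOIS = """\
Domain Name: EXAMPLE-PORTFOLIO.COM
Registrar: Example Registrar, Inc.
Registrant Email: owner@exampel-mail.com
Admin Email: owner@example-mail.com
Tech Email: old-admin@former-host.example
"""

EMAIL_FIELD = re.compile(r"^\s*(Registrant|Admin|Tech) Email:\s*(\S+)\s*$", re.I | re.M)

def edit_distance(a, b):
    """Levenshtein distance, used to spot one- or two-character typos."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def audit_contacts(whois_text, trusted_domains):
    """Return (role, email, verdict) for each contact email in a WHOIS record."""
    findings = []
    for role, email in EMAIL_FIELD.findall(whois_text):
        domain = email.rsplit("@", 1)[-1].lower().rstrip(".")
        if "@" not in email:
            verdict = "malformed"
        elif domain in trusted_domains:
            verdict = "ok"
        elif any(edit_distance(domain, t) <= 2 for t in trusted_domains):
            verdict = "possible-typo"   # near miss of a domain you control
        else:
            verdict = "unrecognised"    # stale or unknown mailbox
        findings.append((role.title(), email, verdict))
    return findings

if __name__ == "__main__":
    # The trusted set is an assumption: the mail domains you actually control.
    for row in audit_contacts(SAMPLE_WHOIS, {"example-mail.com"}):
        print(*row, sep="\t")
```

Anything other than `ok` means account notices and password resets for that contact may be going to a mailbox you do not hold.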

If you suspect that a domain name or your registrar account was compromised, contact your domain registrar immediately and ask to speak with someone on the legal team or a supervisor. If you have an attorney, get him or her involved early in the situation. Time is of the essence when it comes to security issues, and you’ll want to make sure your account situation is handled with the utmost care.

Elliot Silver
About The Author: Elliot Silver is an Internet entrepreneur and publisher of DomainInvesting.com. Elliot is also the founder and President of Top Notch Domains, LLC, a company that has closed eight figures in deals. Please read the DomainInvesting.com Terms of Use page for additional information about the publisher, website comment policy, disclosures, and conflicts of interest.
  1. Thanks. Some nice tips yeah. I like the first one but I wish GoDaddy opens up for my country soon.

    While keeping your WHOIS details updated I would like to add one thing specifically, that is to have your email address typed in correctly. I have seen on a few occasions where someone mistyped their email ID in WHOIS. That way the domain entered in email ID can be available and someone can register that one to get your password by simply doing the forgot your password stuff.

    Make sure to double check the email ID you enter in WHOIS details while making any changes to it.

  2. An associate of mine had his Godaddy account hacked several days ago, no surprise to me….The hacker changed settings in the account for a possible takeover. When Godaddy was contacted the initial customer service rep proceeded to tell him he was the only one that could have changed the settings, and went on to blame the victim….??????…….The best advice for domainers and small businesses is to reconsider building a business around Godaddy, when customer service and security have become increasingly horrific….Godaddy, for many years, had absolutely the best customer service…….Maybe they are spending too much time at the gym and tanning booth?????

  3. What do you mean Aaron? Godaddy is the very best when it comes to businesses, haven’t you seen the commercials? Hot men running in the streets? Nascar? Danica, Hot chicks with their nipples popping through their T-shirts?, All this is what makes a great Registrar, as for security and interface? who cares about minor stuff like that?.. lol

    It seems we only think of security after it’s too late, nice to see Elliot writing about it and reminding us how important it is…. I tried all the top Registrars, Enom and Moniker being the longest and although Fabulous doesn’t offer as wide a range of TLD’s as most Registrars do, they are by far the most Secure Registrar in existence today IMO.

  4. Raider,

    Are you recommending “Fabulous”?….I am currently looking to migrate from Godaddy, after the many, many customer service and security flaws that I myself have witnessed and read about…….It completely boggles my mind how a company such as Godaddy can go from absolutely the best customer service to the complete worst……Anyway I just opened an Enom account for my last domain and used hosting services other than Godaddy….It’s go time and I don’t want to get stuck in their rut….

    • Absolutely Aaron, When you sign up to Fabulous, you’ll develop a real appreciation for their security, Even if your account is hacked, the hacker would have to know the answers to your security questions to make the slightest changes to your account or modify a domain, They also offer another layer of security called E-Lock, which essentially freezes the domain.. And they have Free privacy protection, Although based in Australia, they have always responded to my emails within 24hrs.. Been there about 4 years now and never had a complaint.

      As for Godaddy? they’re way too big to care IMO, It’s always been more about marketing and profits than about providing customers with good products and customer service.

  5. Does Godaddy have any plan to offer two-factor authentication to non-US customers?

    Can you comment on the importance of setting TTL (of MX record as suggested in the ‘Naoki Hiroshima’ article) to a higher value? I did a search on the Internet but I still don’t get it. Say, your Whois email’s domain name is registered at Godaddy. If you change its TTL value to “One Week”, what does it mean? Do you still get emails from that email address within that week, even if the hacker already has access to your GD account and can change everything from within?

  6. Over Protected.

    I have found that be it banks or registrars it is better to be over protected than protected. There are loopholes though and far be it for me to offer up info to the bad apples, but I think only the true are following your blog. That said, I recommend not providing something too basic e.g. ‘mothers maiden name’ that can be found on certain ancestry sites. Those basic questions are being pieced together slowly by mining.

    Secondly I would recommend NOT saving passwords when asked by your friendly computer- That is the absolute worst idea if you lose your phone laptop ipad or someone breaks into your house and steals your pc.

    Secretly important- there are software being installed over the years that are ‘keystroke’ recording you get from going to sites and can get them the same as you get malware spyware etceteraware-so be aware this could compromise your password.

    TIP: there are also software programs like mentioned above that search through your computer files and email to find terms such as password. Also if you have an excel sheet or something that has the words “user name” and/or “password” and that’s how you reference it, you should change the word “password” to something like “dishwasher” instead.

    Finally not all registrars and hosting company reps have an automated system and are smaller level and therefore won’t ask these ‘security verification’ questions all the time. Sometimes a rookie answering will take something much smaller to verify then go and change your password or something worse. Remember to keep 100% track of your domains especially if you have many. And the best thief is the one that creeps in undetected meaning you don’t even know you were violated till much later.
