Yesterday morning, I wrote about the need for GoDaddy to add 2 factor authentication (2FA) at Afternic to enhance account security. While we are discussing account security, I also think it is important for Escrow.com to offer its customers a form of 2FA for account logins.
The potential security issues at Escrow.com and Afternic are different, but the ramifications are serious on both platforms. If someone would gain access to my Escrow.com account via the password, they would have access to all of my domain name sales and acquisitions that have been transacted via Escrow.com. Similarly, if someone gains access to a domain broker’s Escrow.com account, they would have access to client domain name sales data.
If someone gained access to an Escrow.com customer account, they could see current bank account information and could also change bank account information. I do not believe this is a major threat, though, for two reasons. For one, the account holder would be notified of the update via email and would be able to contact support or log in to remove that bank account information immediately or before the next transaction if done fraudulently. In addition, if a new bank account is added as a default, the person who made the change would be easier to identify.
In theory, a hacker who has stolen a domain name and has account access at Escrow.com could also facilitate transactions to create a paper trail of legitimacy for those stolen domain names. This is a bit far fetched and would be pretty unlikely from my perspective.
Domain name sales data is quite valuable, especially when it involves third parties who have not authorized the release of this data. I think Escrow.com should add a form of 2 factor authentication, allowing its customers to add a layer of login security for their accounts. The threat may be limited to data, but domain name sales data is valuable, especially when it spans many years. One scary thing is that if someone did gain unauthorized access to an account, perhaps a reused or easy password, the account owner would likely have no idea if no changes were made or transactions were started.
Obviously, people should use unique and complex passwords at each website where they have an account. Unfortunately, many people still reuse passwords at different websites or they have easy to guess passwords. I think 2 factor authentication can help reduce this risk, and I would like to see Escrow.com start offering 2FA.