Yesterday morning, I wrote about the need for GoDaddy to add 2 factor authentication (2FA) at Afternic to enhance account security. While we are discussing account security, I also think it is important for Escrow.com to offer its customers a form of 2FA for account logins.
The potential security issues at Escrow.com and Afternic are different, but the ramifications are serious on both platforms. If someone would gain access to my Escrow.com account via the password, they would have access to all of my domain name sales and acquisitions that have been transacted via Escrow.com. Similarly, if someone gains access to a domain broker’s Escrow.com account, they would have access to client domain name sales data.
If someone gained access to an Escrow.com customer account, they could see current bank account information and could also change bank account information. I do not believe this is a major threat, though, for two reasons. For one, the account holder would be notified of the update via email and would be able to contact support or log in to remove that bank account information immediately or before the next transaction if done fraudulently. In addition, if a new bank account is added as a default, the person who made the change would be easier to identify.
In theory, a hacker who has stolen a domain name and has account access at Escrow.com could also facilitate transactions to create a paper trail of legitimacy for those stolen domain names. This is a bit far fetched and would be pretty unlikely from my perspective.
Domain name sales data is quite valuable, especially when it involves third parties who have not authorized the release of this data. I think Escrow.com should add a form of 2 factor authentication, allowing its customers to add a layer of login security for their accounts. The threat may be limited to data, but domain name sales data is valuable, especially when it spans many years. One scary thing is that if someone did gain unauthorized access to an account, perhaps a reused or easy password, the account owner would likely have no idea if no changes were made or transactions were started.
Obviously, people should use unique and complex passwords at each website where they have an account. Unfortunately, many people still reuse passwords at different websites or they have easy to guess passwords. I think 2 factor authentication can help reduce this risk, and I would like to see Escrow.com start offering 2FA.
Spot On. Can’t understand why companies are reluctant to implement basic features like this one.
no brainer… 2FA is an almost 10 year old standard. Is the domain industry really that far behind the curve??
Wow, surprised not offered already!
All it takes is one hack and their reputation goes down the drain.
Regards,
BullS
MBA,PhD
Magna cum laude
Graduate of Domain King Academy
MBA-My Big Ass(all of you have one)
PHD-people having dickheads
Escrow.com should already have 2FA!
Probably never see 2FA on Afternic.
Also SEDO should have 2FA