I read an article on Kevin Ohashi’s blog, and if you represent or work for a domain company, you had better take notice. According to Ohashi, at least one major domain company is not storing customer passwords securely, and if this isn’t fixed by April 25, he will publicly name the company.
You can read the full details of the security threat on Kevin’s website, but the gist of it is that companies should keep client passwords encrypted, and he has noticed that one company does not appear to be doing so. This can put client accounts in peril, and if clients use the same password at different registrars, it can spell major problems.
I do my best to use different login information (user name and password) for each domain registrar I use. I know that no system is perfect, but account security is of utmost importance. Stolen domain names are expensive to recover, and that doesn’t include losses such as PPC/advertising revenue and missed sales opportunities.
I really hope Kevin doesn’t have to name the company that might have password issues, but if he does, let’s hope the company addresses those issues ASAP. It’s also a good opportunity for other companies to address their own password encryption systems.
Thanks to Kevin for looking out.