With domain hijackings seemingly at an all time high, I think now is the time for a public domain registrar to take action. I believe security key fobs are a nearly impenetrable line of defense that should be put into action by a responsible registrar. This would curtail domain hijackings, potentially saving registrants thousands of dollars in legal fees and hundreds of hours fighting to have their domain names returned.
Domain hijackings can occur when a hacker gains access to a person’s domain registrar account. This can be done by hacking into someone’s email account using a variety of methods or by hacking into the actual domain account. Either a weak password or a multitude of other factors can potentially lead to this outcome. Once a hacker is in possession of the registrar account, there are many ways he can control the domain names without raising the attention of the domain owner. If the domain names are transferred to another registrar, it may be too late for the rightful owner to take action, and the process of getting the domain names returned can be costly and time consuming.
Domain names are intangible assets, and the loss of one can be fatal to a business. It can mean missed sales, lost emails sent to addresses linked to the domain name, confused customers, and it can be emotionally draining on the registrant. While we are able to secure our tangible assets such as jewelry or property deeds, it is more difficult to secure our domain assets. For example, if I lose the key to my safety deposit box, the bank doesn’t simply permit the finder to access the box. As it currently stands in the domain business, if a hacker gains access to my domain account though unscrupulous actions, he may be able to take control of my domain names. I don’t think its fair to be held accountable for something that may be out of my control.
With that said, I think a security key fob with a changing passcode (similar to what Paypal offers) could help secure a domain registrar account. I would pay a premium for this service, and I am sure others would as well. Having good security is a unique selling point that distinguishes some registrars from others. Having the best security system in place before competitors would certainly give one registrar a major competitive advantage. Most registrants wouldn’t want multiple security key fobs, so consolidating all domain names at the most secure registrar would be the most likely outcome.
I urge all registrars to take action, no matter how secure you believe your system is.