Security is My Top Priority at a Domain Registrar

During the past several weeks, there have been quite a few articles that broach the topic of domain theft. From email hacking to phishing to security breaches, there are many ways a domain name can be stolen from its rightful owner. The security of my domain names is the top priority for me when choosing a domain registrar.

With domain names being an intangible asset that I cannot physically protect, I rely heavily on the domain registrars I choose to help me protect my domain names. I have a responsibility to ensure my password is strong and added security like two factor authentication is enabled when possible, but there are other aspects to domain name security beyond what I can control. The domain registrar is responsible for ensuring that their database and technology is secure and does not allow for unauthorized access. They need to be sure their systems work properly, and they need to be proactive against threats.

On Labor Day, I wrote an article covering Namecheap’s “urgent security warning.” In its blog post, the company reported that it had “determined that the username and password data gathered from third party sites, likely the data identified by The Register (i.e. not Namecheap) is being used to try and gain access to Namecheap.com accounts.” At the time, I was thankful that I have 2 factor authentication enabled on my registrar accounts where I have my valuable domain names.

Recently, I received emails from Moniker regarding a password reset at my accounts. I looked into my accounts, and I noticed one had an IP address log in that I did not recognize as my own. This account did not have any domain names in it, and the email address on file is one I hardly ever use for anything. After a bit of research, I recalled  that I had used this email address  to create pdfs on the Adobe website a long time ago, and that website had notoriously been hacked  with email addresses and passwords stolen a while ago. Luckily because I had no domain names associated with the account, this is more of a wake up call for me, and I have no idea if the log-in IP and Adobe website hack are related at all.

According to a Washington Post article, a cyber gang has a database containing  “4.5 billion stolen Internet credentials,” and I presume that quite a few of these accounts are also  associated with domain registrar accounts. With that said, I think a domain registrar  needs to be proactive in helping to protect domain registrant accounts. Yes, domain owners need to have strong passwords and protect their associated accounts (ie email address connected with accounts), but I also think there should be countermeasures put into place to prevent hackers from using stolen email addresses and passwords to access accounts. I am hopeful the domain registrars I use  are proactively monitoring log-ins to prevent unauthorized access.

As Mike Berkens noted this morning, “Domain security is the most important service a domain registrar provides and the lack thereof should give rise to De-Accredited faster than anything else.” I agree with Mike. Pricing and customer support are also important, but without proper  domain security, I wouldn’t use a particular domain registrar in the first place.

As a domain name owner, the security of my domain names is the top priority and I need to trust that my registrars are proactive about keeping them secure. If I lose trust in a particular domain registrar, I will transfer my domain names out in order to protect them. There are only so many ways I can protect my domain names, and the domain registrar plays a critical role in keeping my domain names safe.

I put a lot of trust in my domain registrars, and I expect them to protect my domain name assets and ensure that I am doing my part in protecting them as well.

Elliot Silver
Elliot Silver
About The Author: Elliot Silver is an Internet entrepreneur and publisher of DomainInvesting.com. Elliot is also the founder and President of Top Notch Domains, LLC, a company that has closed eight figures in deals. Please read the DomainInvesting.com Terms of Use page for additional information about the publisher, website comment policy, disclosures, and conflicts of interest. Reach out to Elliot: Twitter | Facebook | LinkedIn

9 COMMENTS

  1. I think domain owners should be equally concerned about the Registrars they use that push expiring domains to auction for a cut of the sale.. If your Registrar does not sort your domains by date by default, this is a sign you should move, another sign is when they don’t send you a renewal notice or your domain(s) are expiring… Sadly, Domain hijackers are not the only crooks in our industry.

    • Renew them? naturally they would do that if they knew their domains were expiring, sometimes they don’t know because the Registrar in their clever ways, intentionally makes it hard for the registrant to know their domains are expiring.. It happened to me awhile back before I moved all my domains to another Registrar.

      “I would rather them push expired domain names to auction rather than keep them.”

      I’d rather let them go through the entire Redemption and Pending Delete process which allows the registrant a lot MORE time to retrieve his/her domains.

  2. At ISPCircle.com we have built several rings of security to minimize similar incidents, including:

    * enforcing strong passwords
    * IP restriction (with IP logging)
    * Two Factor Authentication (2FA)
    * SSL-protected Control Panels
    * Call-in Pin

  3. I think many domain investors have always considered security when choosing domain registrars. Some surveys have shown that price and customer service were among other factors. But I think security beats price in certain ways. Security allows you to sleep well at night. 2-factor authentication might be the future of domain registrar security.

  4. Elliot can I ask you please whats your revenue percentage comes from domain sales and from sites you own (dogwalker, this site, etc)
    You said that a few times in the past but I am interested how this situation looks like today. How things work for you.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Recent Posts

Failed Transfers Aren’t Automatically Refunded

9
I keep most of my domain names registered at GoDaddy because I find it is easier to manage a portfolio at one registrar. Throughout...

Updated: Escrow.com No Longer Supporting Payments To/From China and Israel

5
Update: After publishing this article, I heard from Freelancer.com CEO Matt Barrie (Freelancer is the parent company of Escrow.com). Matt told me the information...

Atom.com Shares Non .com Sales Distribution

3
I have spent more money on non-.com domain names this year than ever before. My perspective is that startups are using them as less...

MAD Comment from NTIA About “Wholesalers”

4
Andrew Allemann wrote about the US National Telecommunications and Information Administration (NTIA) statement about the .com registry extension agreed upon with Verisign. As a...

Beware When Using AI for Domain Name Descriptions

6
Artificial Intelligence can be a time saver. For domain investors, it can make it easier and quicker to create marketing copy to help promote...