Security is My Top Priority at a Domain Registrar

During the past several weeks, there have been quite a few articles that broach the topic of domain theft. From email hacking to phishing to security breaches, there are many ways a domain name can be stolen from its rightful owner. The security of my domain names is the top priority for me when choosing a domain registrar.

With domain names being an intangible asset that I cannot physically protect, I rely heavily on the domain registrars I choose to help me protect my domain names. I have a responsibility to ensure my password is strong and added security like two factor authentication is enabled when possible, but there are other aspects to domain name security beyond what I can control. The domain registrar is responsible for ensuring that their database and technology is secure and does not allow for unauthorized access. They need to be sure their systems work properly, and they need to be proactive against threats.

On Labor Day, I wrote an article covering Namecheap’s “urgent security warning.” In its blog post, the company reported that it had “determined that the username and password data gathered from third party sites, likely the data identified by The Register (i.e. not Namecheap) is being used to try and gain access to accounts.” At the time, I was thankful that I have 2 factor authentication enabled on my registrar accounts where I have my valuable domain names.

Recently, I received emails from Moniker regarding a password reset at my accounts. I looked into my accounts, and I noticed one had an IP address log in that I did not recognize as my own. This account did not have any domain names in it, and the email address on file is one I hardly ever use for anything. After a bit of research, I recalled  that I had used this email address  to create pdfs on the Adobe website a long time ago, and that website had notoriously been hacked  with email addresses and passwords stolen a while ago. Luckily because I had no domain names associated with the account, this is more of a wake up call for me, and I have no idea if the log-in IP and Adobe website hack are related at all.

According to a Washington Post article, a cyber gang has a database containing  “4.5 billion stolen Internet credentials,” and I presume that quite a few of these accounts are also  associated with domain registrar accounts. With that said, I think a domain registrar  needs to be proactive in helping to protect domain registrant accounts. Yes, domain owners need to have strong passwords and protect their associated accounts (ie email address connected with accounts), but I also think there should be countermeasures put into place to prevent hackers from using stolen email addresses and passwords to access accounts. I am hopeful the domain registrars I use  are proactively monitoring log-ins to prevent unauthorized access.

As Mike Berkens noted this morning, “Domain security is the most important service a domain registrar provides and the lack thereof should give rise to De-Accredited faster than anything else.” I agree with Mike. Pricing and customer support are also important, but without proper  domain security, I wouldn’t use a particular domain registrar in the first place.

As a domain name owner, the security of my domain names is the top priority and I need to trust that my registrars are proactive about keeping them secure. If I lose trust in a particular domain registrar, I will transfer my domain names out in order to protect them. There are only so many ways I can protect my domain names, and the domain registrar plays a critical role in keeping my domain names safe.

I put a lot of trust in my domain registrars, and I expect them to protect my domain name assets and ensure that I am doing my part in protecting them as well.

Elliot Silver
Elliot Silver
About The Author: Elliot Silver is an Internet entrepreneur and publisher of Elliot is also the founder and President of Top Notch Domains, LLC, a company that has closed eight figures in deals. Please read the Terms of Use page for additional information about the publisher, website comment policy, disclosures, and conflicts of interest. Reach out to Elliot: Twitter | Facebook | LinkedIn


  1. I think domain owners should be equally concerned about the Registrars they use that push expiring domains to auction for a cut of the sale.. If your Registrar does not sort your domains by date by default, this is a sign you should move, another sign is when they don’t send you a renewal notice or your domain(s) are expiring… Sadly, Domain hijackers are not the only crooks in our industry.

    • Renew them? naturally they would do that if they knew their domains were expiring, sometimes they don’t know because the Registrar in their clever ways, intentionally makes it hard for the registrant to know their domains are expiring.. It happened to me awhile back before I moved all my domains to another Registrar.

      “I would rather them push expired domain names to auction rather than keep them.”

      I’d rather let them go through the entire Redemption and Pending Delete process which allows the registrant a lot MORE time to retrieve his/her domains.

  2. At we have built several rings of security to minimize similar incidents, including:

    * enforcing strong passwords
    * IP restriction (with IP logging)
    * Two Factor Authentication (2FA)
    * SSL-protected Control Panels
    * Call-in Pin

  3. I think many domain investors have always considered security when choosing domain registrars. Some surveys have shown that price and customer service were among other factors. But I think security beats price in certain ways. Security allows you to sleep well at night. 2-factor authentication might be the future of domain registrar security.

  4. Elliot can I ask you please whats your revenue percentage comes from domain sales and from sites you own (dogwalker, this site, etc)
    You said that a few times in the past but I am interested how this situation looks like today. How things work for you.

Leave a Reply

Recent Posts

Nick Huber: “drop a little coin” for a Premium Domain Name

I do not know Nick Huber, but I see he has a large following on Twitter and frequently offers advice to startup founders and...

Trademarkia Hiring Lead Developer for Domain Registrar Integration

Trademarkia is a website I use occasionally to perform trademark-related searches. This morning, I noticed a job listing the company posted on LinkedIn that...

SquadHelp Ultra Premium Marketplace Goes Live

🎉 It's here! The Ultra-Premium Marketplace is live We've partnered with @HilcoDigital to curate an incredible collection of domains. More additions coming soon! 🌟 Check it...

ROTD Auction Web3 Domain Names

According to a press release I received a moment ago, Right of the Dot is auctioning "Web3" domain names in partnership with Unstoppable Domains.... Dispute Gives Guidance on Common One Word Domains

The latest #UDRP Digest (Vol 3.37) is out now! Read about some interesting cases including,, and more, with commentary from @dnattorney...