It’s time to get serious with your domain name assets and protect them the best you can at your domain name registrar! The following are suggestions on how to best secure your domain names and there really is one key factor here, email!
First, and this is why it’s first… have a different email address in the whois than you do on your registrar account. That way, they (the bad guys) don’t know what email to hack to do a password reset with. That is likely the largest cause of domain theft, password reset on a main email address used in whois that matches the email used as the main email on the registrar account.
It is very important to not reveal your email address used for your registrar account.
I would suggest doing the WHOIS email on one of your domains that you own, and for your registrar account use a freemail with two-factor authentication like Gmail.
For the email on your domain (in whois), make it a forwarder to another email address rather than an actual inbox that could be hacked just to be on the safe side.
Let’s say you have two free emails, one Gmail and one Yahoo. This is how you would set everything up:
WHOIS: [email protected]
Registrar: [email protected]
Then set up [email protected] to forward emails to [email protected] rather than being its own inbox.
Have two-factor authentication enabled on both Gmail and Yahoo. If your registrar offers two-factor authentication (like GoDaddy does), active that as well!
Secure passwords should be used and changed from time to time to be safe as well but this is common sense!
Doing the above, will greatly increase your security on your domain names!
Recap
- Do not have the same email address in whois, that is our mail email address associated with your registrar account
- Main Registrar Account Email: gMail with 2 factor
- Whois email, [email protected]
- Forward whois email [email protected] to a Yahoo email that has 2 factor
Further Options
1.) Secondary account used to receive transfers in. Accept the domain there then push it to your primary account. Giving out your primary customer number (account number) and email address (main email associated with your account) should be done as little as possible. If you purchase a domain name in the aftermarket, you will likely (depends on registrar) need to provide your registrar account number and often email address.
2.) DTVS (Domain Transfer Validation Service) (GoDaddy, Executive Accounts). Any push or domain transfer leaving your account needs to be approved via your account manager, with a different code. Most registrars have a locking service but this also often is a fee.
Tips
GoDaddy.com is my registrar of choice. There are other domain name registrars that are very secure. The choice of your registrar is up to you but does play a factor in your domains security. Yes, domain names get stolen from almost ALL registrars, but not always at the fault of the registrar! It is often because of email hacking that leads to unauthorized logins at a registrar.
Set Two Factor Authentication
GoDaddy: My Account / Settings / Account Security Settings (right side of box)
That is also the location of your Main Registrar Account Email (which should be different than your whois email). To set your whois email, select the Domain Registrations Defaults, that is what is displayed in whois.
I think with these tips (you still have to DO IT) will greatly secure your domain names! Again, these are suggestions and are totally up to you on how you secure your domains and what domain registrar you use to do so. Hope this helps and feel free to post other suggestions you may have.
I think the only way to truly secure your domain names is by using a registry lock. It’s the one foolproof solution yet no one seems to ever mention it. It’s how companies like Google and Yahoo protect their domains.
https://www.verisigninc.com/en_US/channel-resources/domain-registry-products/registry-lock/index.xhtml
Thanks for writing the article, Jamie. I’m sure many people will find it helpful.