With recent reports from NamePros members of domain names being stolen and accounts being hacked, I wanted to share the methods of activating two-factor authentication at a number of registrars and services that you may be using. This is a vital step that I think you should be taking in order to give your domain names extra protection.
For those who are unaware of two-factor authentication, it involves adding an extra layer of security to an account - aside from just a simple username and password. It may involve entering a PIN code or a code received via an SMS (text message). Companies such as Apple, Facebook, and Twitter have been allowing users to set up two-factor authentication for a while, and many domain-related services that you may use have also followed suit.
Below I'll show you how to set up two-factor authentication at some of the most popular services and registrars around; a process that takes just a matter of minutes, and it can help protect you against domain name theft
Gmail
Our email is the gateway to most of our accounts online, and it is typically the most important and overlooked account that needs to be protected. If compromised, most of our other online accounts are one "password reset" away from being infiltrated.
Fortunately, Google has a feature called two-step verification that can be used on any Gmail account. Please note, for those using Gmail with custom domain names, your administrator may have to log into the domain administrator panel at Google to turn on two-step verification (Admin console » Security » Basic Settings).
To switch on two-step verification for your Google account (which includes Gmail), click here. This will take you to a landing page in which you'll need to click "Get Started," then "Start Setup."
You'll then be asked to enter your phone number. After entering your phone number, a six-digit code will be sent via SMS or voice call to verify your phone number.
Once this has been set up, every time you sign in on a new device or app, a six-digit code will be sent to the phone number that Google has on file.
Within your two step verification settings, you can download backup codes and add a backup phone number.
GoDaddy
If you keep any domain names at GoDaddy, I'd recommend setting up two-factor authentication to give an extra layer of protection to your domains. To do this, log in to your GoDaddy account, go to your Account Manager page, and then click on Settings.
From there, click on Account Security Settings on the left-hand side, and you'll see a box that says, "Two Factor Authentication" with a link underneath that says, "Manage." Click on Manage and then follow the steps to add your phone number.
As with Google above, you'll receive a six-digit code. After activating your phone number, you'll be required to enter a six-digit code every time you sign in.
Uniregistry
The popular domain registrar from Frank Schilling now offers two-factor authentication, which can be activated by following these simple steps.
Log in to your account at Uniregistry.com and navigate to Account Settings, then Two Step Verification (or click here for a direct link). Add your phone number, and then click on Get Started.
From here, you'll have to install the Google Authenticator app on your Android or iOS device (or another authenticator app), and either scan the QR code that Uniregistry provides or enter the on-screen code manually.
Once you click on Validate, your two-factor authentication will be set up. Every time you log into your Uniregistry account, you'll be required to open your authenticator app and type in the six-digit code that is generated by the app.
eNom
Many domain names that are won at NameJet are placed into accounts at eNom, so there's a good chance that you have at least one domain name registered there. To enable two-factor authentication at eNom, sign in and go to the "Account Overview" page (My Account » My Dashboard).
There is a box called Two Step Verification (pictured above) and a link entitled "Edit." Click on this link and you'll be taken to a new page. Again, you'll have to use Google's Authenticator app to scan in the on-screen QR code. Once you've done that, enter the six-digit verification code and your device will be linked.
Now two-step verification will be enabled on your account, meaning that every time you sign into eNom.com, you will be required to enter the passcode generated with your authenticator app.
Dynadot
Dynadot offers two-factor authentication through either SMS or Google Authenticator. To activate the free service, sign in to your Dynadot account and navigate to My Info » Account Lock. From there, you have the option to either scan in a QR code using Google Authenticator or enter your phone number to activate the SMS authentication.
Once the service is activated, I'd recommend locking your account again to prevent further changes.
NameSilo
To activate two-factor authentication at NameSilo, sign in to your account and click on the "Domain Defender" link on the right-hand side. From there, click the link inside a green-bordered box that says, "Click here to set up 2-factor authentication."
NameSilo recommends an app called Authy to handle its two-factor authentication, but I've been able to easily connect my NameSilo account to the Google Authenticator app, which I used in the above examples.
PayPal
A service that many of us use on a daily basis, and one that I'd definitely recommend protecting with two-factor authentication, is PayPal. By clicking on this link, you should be taken to your PayPal settings page.
From there, click on My Account Settings » Security Key » Get Started.
Next, click on "Get Security Key," enter your phone number, wait for the SMS with your verification code, and then enter it into the website.
--
These are the registrars and services that I use on a regular basis, and of course there are other registrars that offer two-factor authentication as well. These are:
For a full list of domain registrars (as well as many other services that offer two-factor authentication), visit TwoFactorAuth.org.
Updates worth reading:
For those who are unaware of two-factor authentication, it involves adding an extra layer of security to an account - aside from just a simple username and password. It may involve entering a PIN code or a code received via an SMS (text message). Companies such as Apple, Facebook, and Twitter have been allowing users to set up two-factor authentication for a while, and many domain-related services that you may use have also followed suit.
Below I'll show you how to set up two-factor authentication at some of the most popular services and registrars around; a process that takes just a matter of minutes, and it can help protect you against domain name theft
Gmail
Our email is the gateway to most of our accounts online, and it is typically the most important and overlooked account that needs to be protected. If compromised, most of our other online accounts are one "password reset" away from being infiltrated.
Fortunately, Google has a feature called two-step verification that can be used on any Gmail account. Please note, for those using Gmail with custom domain names, your administrator may have to log into the domain administrator panel at Google to turn on two-step verification (Admin console » Security » Basic Settings).
To switch on two-step verification for your Google account (which includes Gmail), click here. This will take you to a landing page in which you'll need to click "Get Started," then "Start Setup."
You'll then be asked to enter your phone number. After entering your phone number, a six-digit code will be sent via SMS or voice call to verify your phone number.
Once this has been set up, every time you sign in on a new device or app, a six-digit code will be sent to the phone number that Google has on file.
Within your two step verification settings, you can download backup codes and add a backup phone number.
GoDaddy
If you keep any domain names at GoDaddy, I'd recommend setting up two-factor authentication to give an extra layer of protection to your domains. To do this, log in to your GoDaddy account, go to your Account Manager page, and then click on Settings.
From there, click on Account Security Settings on the left-hand side, and you'll see a box that says, "Two Factor Authentication" with a link underneath that says, "Manage." Click on Manage and then follow the steps to add your phone number.
As with Google above, you'll receive a six-digit code. After activating your phone number, you'll be required to enter a six-digit code every time you sign in.
Uniregistry
The popular domain registrar from Frank Schilling now offers two-factor authentication, which can be activated by following these simple steps.
Log in to your account at Uniregistry.com and navigate to Account Settings, then Two Step Verification (or click here for a direct link). Add your phone number, and then click on Get Started.
From here, you'll have to install the Google Authenticator app on your Android or iOS device (or another authenticator app), and either scan the QR code that Uniregistry provides or enter the on-screen code manually.
Once you click on Validate, your two-factor authentication will be set up. Every time you log into your Uniregistry account, you'll be required to open your authenticator app and type in the six-digit code that is generated by the app.
eNom
Many domain names that are won at NameJet are placed into accounts at eNom, so there's a good chance that you have at least one domain name registered there. To enable two-factor authentication at eNom, sign in and go to the "Account Overview" page (My Account » My Dashboard).
There is a box called Two Step Verification (pictured above) and a link entitled "Edit." Click on this link and you'll be taken to a new page. Again, you'll have to use Google's Authenticator app to scan in the on-screen QR code. Once you've done that, enter the six-digit verification code and your device will be linked.
Now two-step verification will be enabled on your account, meaning that every time you sign into eNom.com, you will be required to enter the passcode generated with your authenticator app.
Dynadot
Dynadot offers two-factor authentication through either SMS or Google Authenticator. To activate the free service, sign in to your Dynadot account and navigate to My Info » Account Lock. From there, you have the option to either scan in a QR code using Google Authenticator or enter your phone number to activate the SMS authentication.
Once the service is activated, I'd recommend locking your account again to prevent further changes.
NameSilo
To activate two-factor authentication at NameSilo, sign in to your account and click on the "Domain Defender" link on the right-hand side. From there, click the link inside a green-bordered box that says, "Click here to set up 2-factor authentication."
NameSilo recommends an app called Authy to handle its two-factor authentication, but I've been able to easily connect my NameSilo account to the Google Authenticator app, which I used in the above examples.
PayPal
A service that many of us use on a daily basis, and one that I'd definitely recommend protecting with two-factor authentication, is PayPal. By clicking on this link, you should be taken to your PayPal settings page.
From there, click on My Account Settings » Security Key » Get Started.
Next, click on "Get Security Key," enter your phone number, wait for the SMS with your verification code, and then enter it into the website.
--
These are the registrars and services that I use on a regular basis, and of course there are other registrars that offer two-factor authentication as well. These are:
- 101Domain
- Directnic
- Fabulous
- Gandi
- Google Domains
- Hover.com
- Internet.bs
- MarkMonitor
- Name.com
- NameCheap
- Nominet
For a full list of domain registrars (as well as many other services that offer two-factor authentication), visit TwoFactorAuth.org.
Updates worth reading:
- Nov 25, 2015: @Paul Buonopane, the CTO at NamePros, created a tool and published a blog post on common passwords used by hackers: How To Avoid Domain Theft - Part 1: Understanding Hackers
