Results 1 to 5 of 5

Thread: Two Factor?

  1. #1
    Join Date
    Feb 2015
    Posts
    196

    Two Factor?

    I know this isn't strictly a domain/registrar question...but since most registrar's today offer two-factor authentication...Do any of you use it? I have been on the fence about whether it is worth the trouble to set it up. On one hand, of course any extra security is better then none...but is seems sort of useless? The only way it would help is if someone happened to know my username and password...which someone is unlikely to guess or figure out. And after a few wrong attempts, most accounts lock out, so it's not like they could try to brute force it.

    Maybe I'm wrong, but it seems a bigger risk would be someone pretending to be you and sending in a fake ID with your name to the registrar claiming they got locked out and having them reset your account? Which obviously two-factor would be useless against.

    So any thoughts for or against it? Is it worth it or is it more trouble then it is worth?

  2. #2
    Join Date
    Nov 2015
    Location
    Phoenix, AZ
    Posts
    157
    Quote Originally Posted by sunnyweather View Post
    On one hand, of course any extra security is better then none
    This is it. I always recommend keeping things (especially something as important as access to your domain names) as secure as possible. Any extra security steps you can take to keep your information and domains yours is probably worth the few extra steps you need to take to login.

    What you mentioned about Social Engineering is something that unfortunately you can not really protect against as a consumer, and falls more on the practices of your provider so you will want to make sure that your registrar of choice is doing their part to combat against such attempts and keeping your account secure.

    People will always find a way to be scumbags, so it is definitely important you do all you can to help fight against that.
    || Host Boogie | Premium cPanel Hosting for websites of all sizes ||
    || Pure SSD | RAID 10 | LiteSpeed | Let's Encrypt | r1soft backups | 24x7 Support | 99.99% Uptime Guarantee | 60 Day Money-Back Guarantee ||

  3. #3
    Join Date
    Oct 2002
    Location
    /roof/ledge
    Posts
    28,088
    Definitely use it at my registrar, and wish it went beyond the "text a number" system, to be honest. Would prefer Yubikey or time based as the secondary, but any layer of security you can add to this sort of thing is helpful.
    Your one stop shop for decentralization

  4. #4
    Join Date
    Mar 2009
    Location
    Here Today - Gone to Maui
    Posts
    9,966
    Right, absolutely the more security, the better off you are.
    ProlimeHost - Dedicated Server Hosting & KVM SSD VPS
    Three Datacenter Locations: Los Angeles, Denver & Singapore
    SuperMicro Hardware | Multiple Bandwidth Providers | 24/7 On-site Engineers

  5. #5
    Join Date
    Feb 2015
    Posts
    196
    Thanks everyone.

    Quote Originally Posted by hostboogie View Post
    What you mentioned about Social Engineering is something that unfortunately you can not really protect against as a consumer, and falls more on the practices of your provider so you will want to make sure that your registrar of choice is doing their part to combat against such attempts and keeping your account secure.
    I agree that the 'social engineering' aspect can be a major issue considering there isn't much an individual can do, other than pick a good registrar. But unfortunately it seems most registrars only require either a picture of your ID (which the name can be easily edited in) or a billing address/zip code (even easier to get) or you need to tell them the last transaction you did (And seeing as how most transactions at a registrar are either going to be a domain registration or renewal...that wouldn't be that hard to guess or figure out)...So does anyone know which registrars are the most secure in terms of their support staff?

    Which registrars have tough policies on turning off two-factor or resetting passwords? Which registrars would be the hardest for someone to call and claim to be you and ask for account access?

Similar Threads

  1. Replies: 0
    Last Post: 12-10-2013, 02:24 AM
  2. Hosters and registrars supporting two-factor authentication
    By Master Bo in forum Hosting Security and Technology
    Replies: 4
    Last Post: 09-28-2013, 11:33 AM
  3. NameCheap two-factor authentication
    By PlotHost-Max in forum Hosting Security and Technology
    Replies: 3
    Last Post: 09-24-2013, 03:40 AM
  4. Who requires two-factor authentication?
    By Yujin in forum Hosting Security and Technology
    Replies: 10
    Last Post: 08-17-2013, 09:27 PM
  5. Simple but effective Two factor Auth
    By JacobJ in forum Hosting Security and Technology
    Replies: 2
    Last Post: 02-24-2013, 03:19 AM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •