registrars Which Registrar Is Most Secure?

Slanted said:

These are the buyers for your domains

Click to expand...

YES...anything to make it easier for this fantastic group of humans--lets implement whatever they want!!! I'm not afraid to say it...I LOVE domain buyers...just saying.

btw op, choose epik over gdaddy any time for any reason.

Slanted said:

...Domainers would cope fine, since domainers tend to be computer literate. But it's easy to forget that end users – particularly people 50+ who didn't grow up with computers or the internet – need a lot of hand holding. These are the buyers for your domains, often as not. So it's important to keep their needs in mind when designing registrar features. Advanced features are great for advanced users. But the folks who only log in once every few years tend to struggle unless we keep things very simple and familiar.

Click to expand...

Agreed!
So why not establish different types of accounts for these two kinds of customers: the computer literate young'uns and the over-the-hill 50+ y.o. geezers?
(although you might go into shock, learning just how computer literate many of us 50+ are, having grown up with MS DOS and command line instead of clicking a "mouse" or talking to Siri)

anantj said:

To start off with,

1. 2-FA via Authy/Google Authenticator. SMS itself has provide to be vulnerable plus I typically face issues of not receiving SMSes frequently.
2. Currently, I have added my "home" phone to my account. This is a landline number and cannot receive SMSes. Allow an additional phone (mobile phone) in the profile or in 2-FA settings to enable receiving SMSes without needing to change the home phone to a mobile phone.

Click to expand...

@Slanted, @robepik Can either of you commit to at least one of these? I can't even enable 2FA for my account

anantj said:

@Slanted, @robepik Can either of you commit to at least one of these? I can't even enable 2FA for my account

Click to expand...

Anant - you followed the how-to?

https://www.epik.com/support/knowledgebase/enabling-disabling-mobile-2-factor-authentication/

If you are still having an issue, come into the live chat and we'll get you going.

robepik said:

Anant - you followed the how-to?

https://www.epik.com/support/knowledgebase/enabling-disabling-mobile-2-factor-authentication/

If you are still having an issue, come into the live chat and we'll get you going.

Click to expand...

Hey Rob,

The steps are not the problem. I understand the steps very well. I'll quote my original comment again here:


1. 2-FA via Authy/Google Authenticator. SMS itself has provide to be vulnerable plus I typically face issues of not receiving SMSes frequently.
2. Currently, I have added my "home" phone to my account. This is a landline number and cannot receive SMSes. Allow an additional phone (mobile phone) in the profile or in 2-FA settings to enable receiving SMSes without needing to change the home phone to a mobile phone.

I have problems receiving 2FA codes on my mobile phone (due to carrier issues or service issues, I'm not sure). I wasn't able to use GD 2FA due to SMS delivery issues as well (and from a few others). Essentially, SMS is unreliable for me and might result in me being locked out of my account.

2. I want to retain my landline as my primary phone but I can't receive SMSes on them (Ignoring point 1 above for a sec). There is no way for me to use my mobile phone only for the 2FA SMSes.

Hope this adds clarity on the issue I'm facing

anantj said:

Hey Rob,

The steps are not the problem. I understand the steps very well. I'll quote my original comment again here:


1. 2-FA via Authy/Google Authenticator. SMS itself has provide to be vulnerable plus I typically face issues of not receiving SMSes frequently.
2. Currently, I have added my "home" phone to my account. This is a landline number and cannot receive SMSes. Allow an additional phone (mobile phone) in the profile or in 2-FA settings to enable receiving SMSes without needing to change the home phone to a mobile phone.

I have problems receiving 2FA codes on my mobile phone (due to carrier issues or service issues, I'm not sure). I wasn't able to use GD 2FA due to SMS delivery issues as well (and from a few others). Essentially, SMS is unreliable for me and might result in me being locked out of my account.

2. I want to retain my landline as my primary phone but I can't receive SMSes on them (Ignoring point 1 above for a sec). There is no way for me to use my mobile phone only for the 2FA SMSes.

Hope this adds clarity on the issue I'm facing

Click to expand...

Thanks for clarifying. We actually have a mobile app coming online but alternatively, it sounds like Google Authenticator would be your preference?

robepik said:

Thanks for clarifying. We actually have a mobile app coming online but alternatively, it sounds like Google Authenticator would be your preference?

Click to expand...

YES. Google Authenticator or Authy (More preference for the latter due to additional security factor of pin protection to even access the app - Third factor authentication :D)

Uniregistery is best Registrar

i like enom

Namesilo has 2 factor auth and you can set it up so you have to answer one or more security questions when doing things like changing DNS or downloading auth codes, etc,etc.

Excellent registrar!

I love namesilo.com
great prices and 2FA + live support and I rarely had to contact them.
I cannot say the same of other services

Slanted said:

Does GoDaddy allow you to restrict login based on a white list of allowed IP addresses?

Click to expand...

Agreed, IP range lockdowns are only provided by a few registrars, as are Registry Superlocks where the domains are taken off API automation. IMO you pay for what you get and retail (pile 'em high, sell'em cheap) registrars can't compete with the management services of some of the corporate services. I personally have blagged auth codes from both Enom & Moniker for clients after I became bored of waiting for them to read up on how to transfer particular ccTLD's...

anantj said:

Hey Rob,

The steps are not the problem. I understand the steps very well. I'll quote my original comment again here:


1. 2-FA via Authy/Google Authenticator. SMS itself has provide to be vulnerable plus I typically face issues of not receiving SMSes frequently.
2. Currently, I have added my "home" phone to my account. This is a landline number and cannot receive SMSes. Allow an additional phone (mobile phone) in the profile or in 2-FA settings to enable receiving SMSes without needing to change the home phone to a mobile phone.

I have problems receiving 2FA codes on my mobile phone (due to carrier issues or service issues, I'm not sure). I wasn't able to use GD 2FA due to SMS delivery issues as well (and from a few others). Essentially, SMS is unreliable for me and might result in me being locked out of my account.

2. I want to retain my landline as my primary phone but I can't receive SMSes on them (Ignoring point 1 above for a sec). There is no way for me to use my mobile phone only for the 2FA SMSes.

Hope this adds clarity on the issue I'm facing

Click to expand...

Have you considered using a token generator instead of an app? IMO it is both more reliable and secure and most importantly, not reliant on your mobile reception?

nametechnology said:

I haven't seen anyone address this, but it's important to note that any registrar that doesn't let you change your username/login might be a security risk (whatever can be used to login basically).

Namecheap - doesn't let you change your username. But you have to give your username away to strangers to make transfers and account pushes.
GoDaddy - doesn't let you change your customer number, but you give your customer number away to make transfers and login and it's on every receipt.

So if a bad actor gets those, they can try to engineer their way into your account. Not sure why they haven't changed this yet, I like both of those registrars but this seems like a security oversight. Hopefully they will change that.

And of course, 2 factor auth is a must.

EDIT: I should add that I'm comparing this to my recent experience with Uniregistry, which uses only your email address as a login. Presumably you can change your email address if an issue were to arise.

Click to expand...

I am not sure if I am reading the above post correctly but why are you giving your username/customer# out to transfer domains?.... and people wonder why domains are so easy to get from retail registrars

We can issue multiple users on any account with 5 access level restrictions ranging from full admin to view only. All user activity is logged and auditable and dedicated account management means that unusual activity is flagged straight away.

Until people realise that saving $5-10 every year on the renewal of a domain worth 6 figures is a false economy then domain jacking will continue to be a profitable enterprise. Would you protect a $100K watch with a 3 reel combination lock? Of course not, you would invest in a security more in line with the property value.... I hope

Just a thought...

BigRich said:

Have you considered using a token generator instead of an app? IMO it is both more reliable and secure and most importantly, not reliant on your mobile reception?

Click to expand...

What is a token generator?

Nevermind

at this moment I don't have ultra premium domain,so I am not to concern about register security! and stick with namecheap and godaddy! I already using them since 2010, and have no problems at all! and most stolen domain and loosing domain, basically the root problems is from email, if our email safe, then nothing to worry about it! for email I prefer with gmail, because if they want my email acc. they have to strike Big G! if they can, they can get my domain! though, most hacker will not brute force Big G! but they tend to with phising, because it's effective and simple! so rule no.1 pay attention on domain or url, every time you insert ID or passwords! and make sure, to make double your security with Phone verification, everytime you login via email, because with that way it will hard for them to get my domain!

but if they can, get my domain! I salute them, and I don't mind to loosing $10 domain and I will consider that as a rewards for whoever people that can pass G system! afterall its only $10! so I am nothing to loose!