Found this on domaining.com and thought this article was pretty interesting. I copy-pasted it from that site, so I am just the messenger, not the author :hehe:
With domain hijackings seemingly at an all time high, I think now is the time for a public domain registrar to take action. I believe security key fobs are a nearly impenetrable line of defense that should be put into action by a responsible registrar. This would curtail domain hijackings, potentially saving registrants thousands of dollars in legal fees and hundreds of hours fighting to have their domain names returned.
Domain hijackings can occur when a hacker gains access to a person’s domain registrar account. This can be done by hacking into someone’s email account using a variety of methods or by hacking into the actual domain account. Either a weak password or a multitude of other factors can potentially lead to this outcome. Once a hacker is in possession of the registrar account, there are many ways he can control the domain names without raising the attention of the domain owner. If the domain names are transferred to another registrar, it may be too late for the rightful owner to take action, and the process of getting the domain names returned can be costly and time consuming.
Domain names are intangible assets, and the loss of one can be fatal to a business. It can mean missed sales, lost emails sent to addresses linked to the domain name, confused customers, and it can be emotionally draining on the registrant. While we are able to secure our tangible assets such as jewelry or property deeds, it is more difficult to secure our domain assets. For example, if I lose the key to my safety deposit box, the bank doesn’t simply permit the finder to access the box. As it currently stands in the domain business, if a hacker gains access to my domain account though unscrupulous actions, he may be able to take control of my domain names. I don’t think its fair to be held accountable for something that may be out of my control.
With that said, I think a security key fob with a changing passcode (similar to what Paypal offers) could help secure a domain registrar account. I would pay a premium for this service, and I am sure others would as well. Having good security is a unique selling point that distinguishes some registrars from others. Having the best security system in place before competitors would certainly give one registrar a major competitive advantage. Most registrants wouldn’t want multiple security key fobs, so consolidating all domain names at the most secure registrar would be the most likely outcome.
I urge all registrars to take action, no matter how secure you believe your system is.
Now I personally did often in the history of this forum state that I would find it much more secure if ownership transfers could only be done by paperworks needing to be signed by the domain owner and then faxed to the registrar. That way getting access to someone's email account is not enough to steal a domainname, because to complete the transfer the owner needs to put an actual signature on a paper.
On domaining.com a poll showed that 78% of the people who read the article, stated they were willing to pay extra for extra security features.
I wonder, is there really no registrar out there (a reliable registrar) who still requires paperwork before a domain can be transfered? Even if it were only optional, that the domain owner can choose if he wants to have paperworks involved or not... I am quite sure there would be more people interested in it, as obviously more domainers care about security.
With domain hijackings seemingly at an all time high, I think now is the time for a public domain registrar to take action. I believe security key fobs are a nearly impenetrable line of defense that should be put into action by a responsible registrar. This would curtail domain hijackings, potentially saving registrants thousands of dollars in legal fees and hundreds of hours fighting to have their domain names returned.
Domain hijackings can occur when a hacker gains access to a person’s domain registrar account. This can be done by hacking into someone’s email account using a variety of methods or by hacking into the actual domain account. Either a weak password or a multitude of other factors can potentially lead to this outcome. Once a hacker is in possession of the registrar account, there are many ways he can control the domain names without raising the attention of the domain owner. If the domain names are transferred to another registrar, it may be too late for the rightful owner to take action, and the process of getting the domain names returned can be costly and time consuming.
Domain names are intangible assets, and the loss of one can be fatal to a business. It can mean missed sales, lost emails sent to addresses linked to the domain name, confused customers, and it can be emotionally draining on the registrant. While we are able to secure our tangible assets such as jewelry or property deeds, it is more difficult to secure our domain assets. For example, if I lose the key to my safety deposit box, the bank doesn’t simply permit the finder to access the box. As it currently stands in the domain business, if a hacker gains access to my domain account though unscrupulous actions, he may be able to take control of my domain names. I don’t think its fair to be held accountable for something that may be out of my control.
With that said, I think a security key fob with a changing passcode (similar to what Paypal offers) could help secure a domain registrar account. I would pay a premium for this service, and I am sure others would as well. Having good security is a unique selling point that distinguishes some registrars from others. Having the best security system in place before competitors would certainly give one registrar a major competitive advantage. Most registrants wouldn’t want multiple security key fobs, so consolidating all domain names at the most secure registrar would be the most likely outcome.
I urge all registrars to take action, no matter how secure you believe your system is.
Now I personally did often in the history of this forum state that I would find it much more secure if ownership transfers could only be done by paperworks needing to be signed by the domain owner and then faxed to the registrar. That way getting access to someone's email account is not enough to steal a domainname, because to complete the transfer the owner needs to put an actual signature on a paper.
On domaining.com a poll showed that 78% of the people who read the article, stated they were willing to pay extra for extra security features.
I wonder, is there really no registrar out there (a reliable registrar) who still requires paperwork before a domain can be transfered? Even if it were only optional, that the domain owner can choose if he wants to have paperworks involved or not... I am quite sure there would be more people interested in it, as obviously more domainers care about security.
