
What measures do you take to keep your domain secure?

Do you take any special measures to keep your domains secure?

Domain thefts are now frequently reported. What else can we do to keep our domains secure apart from having a strong password?

Let's discuss!

What do I do?

I use 2FA (two-factor authentication) for the email ID associated with the domain accounts, and some registrars offer a 2FA feature. But other than that, what else do you do?
 
0
•••
I have really bad domains that nobody would ever want to steal.

In fact one time somebody hacked into my account and they must have felt so bad for me that they pushed a couple of domains to my account out of pity.
 
16
•••
I have really bad domains that nobody would ever want to steal.

In fact one time somebody hacked into my account and they must have felt so bad for me that they pushed a couple of domains to my account out of pity.

ha ha :)
 
0
•••
This has been discussed in detail on NamePros in the past. You may want to search for those threads.

Keeping your domain secure really comes down to using a secure registrar that has sufficient authorization/security options. There aren't many registrars that do this well, but Dynadot does a good job.
 
2
•••
I use 2FA authentications as well.
I also use domain whois privacy for all of my domains.
That way, no one can know my email or other personal details.
It may hinder sales from people who want to see the whois to contact me but I manage to sell that way.
So it is a matter of personal choice.

Furthermore, it is important your domain will at the very least show ClientTransferProhibited.
This status prevents unauthorized transfer.
There are other useful statuses as well.
 
0
•••
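As an added example (not part of any post in this thread), here is one way to audit a portfolio for the ClientTransferProhibited status mentioned above. It accepts either RDAP JSON or port-43 WHOIS text; the function names and the sample records are constructed for illustration.

```python
import json
import re

# EPP status codes that block a registrar transfer: "client" is set through the
# registrar (the usual "domain lock"), "server" is set by the registry.
TRANSFER_LOCKS = {"clienttransferprohibited", "servertransferprohibited"}

def norm(status):
    """Map RDAP 'client transfer prohibited' and WHOIS 'clientTransferProhibited' to one key."""
    return re.sub(r"[^a-z]", "", status.lower())

def statuses_from_rdap(rdap_json):
    """Status set from an RDAP domain object given as JSON text."""
    return {norm(s) for s in json.loads(rdap_json).get("status", [])}

def statuses_from_whois(whois_text):
    """Status set from the 'Domain Status:' lines of WHOIS text."""
    found = set()
    for line in whois_text.splitlines():
        m = re.match(r"\s*Domain Status:\s*(\S+)", line, re.I)
        if m:
            found.add(norm(m.group(1)))
    return found

def is_transfer_locked(statuses):
    return bool(statuses & TRANSFER_LOCKS)

def audit(records):
    """records maps domain -> status set; returns the domains with no transfer lock."""
    return sorted(d for d, s in records.items() if not is_transfer_locked(s))

# Constructed sample responses (reserved example domains, not real lookups).
RDAP_LOCKED = json.dumps({
    "objectClassName": "domain", "ldhName": "example.com",
    "status": ["client transfer prohibited", "client delete prohibited"]})
WHOIS_UNLOCKED = "Domain Name: EXAMPLE.NET\nDomain Status: ok https://icann.org/epp#ok\n"
WHOIS_LOCKED = ("Domain Name: EXAMPLE.ORG\n"
                "   Domain Status: clientTransferProhibited "
                "https://icann.org/epp#clientTransferProhibited\n")

PORTFOLIO = {
    "example.com": statuses_from_rdap(RDAP_LOCKED),
    "example.net": statuses_from_whois(WHOIS_UNLOCKED),
    "example.org": statuses_from_whois(WHOIS_LOCKED),
}

if __name__ == "__main__":
    for domain in audit(PORTFOLIO):
        print(f"{domain}: no transfer lock set, enable it at the registrar")
```

Run on a schedule against fresh lookups, a check like this also flags a lock that has been switched off unexpectedly.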
I use 2FA authentications as well.
I also use domain whois privacy for all of my domains.
That way, no one can know my email or other personal details.
It may hinder sales from people who want to see the whois to contact me but I manage to sell that way.
So it is a matter of personal choice.

Furthermore, it is important your domain will at the very least show ClientTransferProhibited.
This status prevents unauthorized transfer.
There are other useful statuses as well.

But the problem is people can still determine who you are if you have all or several of your domains parked at one webhost or one parking company. Sometimes whois information 'leaks' too, which is what happened recently with Google.
 
0
•••
But the problem is people can still determine who you are if you have all or several of your domains parked at one webhost or one parking company. Sometimes whois information 'leaks' too, which is what happened recently with Google.

Indeed.
Whois Privacy is not bulletproof.
But IMO it is much better than public whois.
I strongly recommend to use whois privacy.
 
0
•••
Do you take any special measures to keep your domains secure?
no special measures, other than making sure domain is locked at the registrar

why?

because security is a myth, an illusion of safety.... especially at gd.


Whois Privacy is not bulletproof.
But IMO it is much better than public whois.
I strongly recommend to use whois privacy.

I have never set any of my names to privacy.
why?
because it's counterproductive to selling domain names

those who don't know, "need" to "read", exactly what privacy is.


imo...
 
0
•••
no special measures, other than making sure domain is locked at the registrar

why?

because security is a myth, an illusion of safety.... especially at gd.




I have never set any of my names to privacy.
why?
because it's counterproductive to selling domain names

those who don't know, "need" to "read", exactly what privacy is.


imo...

True Don, but some registrars have better safety measures than others. I think the Fabulous executive lock is at the top of the list. In speaking with Paul Nicks at Go Daddy if you have a certain type of account you have better security at Go Daddy than regular accounts, I don't know how many domains you need to have to qualify for that kind of account.
 
0
•••
Fabulous for some reason is blocked in India.
 
0
•••
The most important step to protecting your domain names:
using an E-mail address that is reliable, safe, secure.
Do not use a free E-mail address that you do not control.

Note that the E-mail address linked to your registrar account can be different than the address listed in whois. This makes it more difficult for domain hijackers to steal your domain names.

Domain names are generally stolen in two ways:
  1. phishing page (from a whois accuracy reminder E-mail)
  2. stealing the admin E-mail address, either because the domain has expired, or the E-mail address was deactivated for lack of usage, and claimed by another party (eg yahoo accounts). E-mail accounts may also be hijacked by brute force. Don't use weak passwords.
 
4
•••
In speaking with Paul Nicks at Go Daddy if you have a certain type of account you have better security at Go Daddy than regular accounts, I don't know how many domains you need to have to qualify for that kind of account.

It's based on yearly spend. The service that he's referring to is the Domain Transfer Validation Service (DTVS). Only reps of GoDaddy's Premier Services have access to this feature.

When it's enabled on your account, it requires that all transfers from your account (account changes and registrar transfers) be verbally verified via the phone number that you set. Once they call your phone number, you authorize each transfer with a PIN that you previously set.

You get to choose the phone number and PIN when the GoDaddy representative enables it on your account.
 
2
•••
The most important step to protecting your domain names:
using an E-mail address that is reliable, safe, secure.
Do not use a free E-mail address that you do not control.

Note that the E-mail address linked to your registrar account can be different than the address listed in whois. This makes it more difficult for domain hijackers to steal your domain names.

Domain names are generally stolen in two ways:
  1. phishing page (from a whois accuracy reminder E-mail)
  2. stealing the admin E-mail address, either because the domain has expired, or the E-mail address was deactivated for lack of usage, and claimed by another party (eg yahoo accounts). E-mail accounts may also be hijacked by brute force. Don't use weak passwords.

So the whois email ID and login email ID should be different. Right?

Using Gmail with 2FA is safe? Or is it recommended to have a custom email ID tied to our own domain?
 
0
•••
Using Gmail with 2FA is safe? Or is it recommended to have a custom email ID tied to our own domain?


Found this article below that you may use to your advantage when using 2FA.
Attackers bypass 2fa systems used by banks

Basic security measures against phishing time and time again will say not to click on any email link and not to enter any personal information after (if it's asking you to). Using 2FA can be harder for phishers, as the process of acquiring information on their side is much lengthier. But just because 2FA seems all new to many, phishers have known how to get around it by using a more sophisticated process and creating legitimate-looking content/resources. If you have not been using basic measures to prevent getting cracked, I hope none of these phishers catch on.

As for domain security, there's probably no perfect way and at some point they will be stolen. If and when that happens, you just have to stick believing that you'll get help after you've done your part before it did -- it'd be nice your names just went for a walk to the park tho.
 
1
•••
Found this article below that you may use to your advantage when using 2FA.
Attackers bypass 2fa systems used by banks

Basic security measures against phishing time and time again will say not to click on any email link and not to enter any personal information after (if it's asking you to). Using 2FA can be harder for phishers, as the process of acquiring information on their side is much lengthier. But just because 2FA seems all new to many, phishers have known how to get around it by using a more sophisticated process and creating legitimate-looking content/resources. If you have not been using basic measures to prevent getting cracked, I hope none of these phishers catch on.

As for domain security, there's probably no perfect way and at some point they will be stolen. If and when that happens, you just have to stick believing that you'll get help after you've done your part before it did -- it'd be nice your names just went for a walk to the park tho.

I think your link is missing the last 'l'. This one should work:

http://www.securityweek.com/attackers-bypass-2fa-systems-used-banks-operation-emmental
 
1
•••