registrars Which Registrar Is Most Secure?

[DaveX]

With valuable domains being stolen and tons of new, untested registrars popping up, I've started thinking about security.

I have names spread across about 12 registrars. I tend to like GD, but I like others too.

Any feedback about which registrars provide the highest level of security?

 

[Rob Monster]

Hey Rob,

The steps are not the problem. I understand the steps very well. I'll quote my original comment again here:


1. 2-FA via Authy/Google Authenticator. SMS itself has provide to be vulnerable plus I typically face issues of not receiving SMSes frequently.
2. Currently, I have added my "home" phone to my account. This is a landline number and cannot receive SMSes. Allow an additional phone (mobile phone) in the profile or in 2-FA settings to enable receiving SMSes without needing to change the home phone to a mobile phone.

I have problems receiving 2FA codes on my mobile phone (due to carrier issues or service issues, I'm not sure). I wasn't able to use GD 2FA due to SMS delivery issues as well (and from a few others). Essentially, SMS is unreliable for me and might result in me being locked out of my account.

2. I want to retain my landline as my primary phone but I can't receive SMSes on them (Ignoring point 1 above for a sec). There is no way for me to use my mobile phone only for the 2FA SMSes.

Hope this adds clarity on the issue I'm facing

Thanks for clarifying. We actually have a mobile app coming online but alternatively, it sounds like Google Authenticator would be your preference?

 

[anantj]

Thanks for clarifying. We actually have a mobile app coming online but alternatively, it sounds like Google Authenticator would be your preference?

YES. Google Authenticator or Authy (More preference for the latter due to additional security factor of pin protection to even access the app - Third factor authentication :D)

 

[DKBROKER]

Uniregistery is best Registrar

 

[toughdomains]

i like enom

 

[Cdomains]

Namesilo has 2 factor auth and you can set it up so you have to answer one or more security questions when doing things like changing DNS or downloading auth codes, etc,etc.

Excellent registrar!

 

[pablohc86]

I love namesilo.com
great prices and 2FA + live support and I rarely had to contact them.
I cannot say the same of other services

 

[BigRich]

Does GoDaddy allow you to restrict login based on a white list of allowed IP addresses?

Agreed, IP range lockdowns are only provided by a few registrars, as are Registry Superlocks where the domains are taken off API automation. IMO you pay for what you get and retail (pile 'em high, sell'em cheap) registrars can't compete with the management services of some of the corporate services. I personally have blagged auth codes from both Enom & Moniker for clients after I became bored of waiting for them to read up on how to transfer particular ccTLD's...

 

[BigRich]

Hey Rob,

The steps are not the problem. I understand the steps very well. I'll quote my original comment again here:


1. 2-FA via Authy/Google Authenticator. SMS itself has provide to be vulnerable plus I typically face issues of not receiving SMSes frequently.
2. Currently, I have added my "home" phone to my account. This is a landline number and cannot receive SMSes. Allow an additional phone (mobile phone) in the profile or in 2-FA settings to enable receiving SMSes without needing to change the home phone to a mobile phone.

I have problems receiving 2FA codes on my mobile phone (due to carrier issues or service issues, I'm not sure). I wasn't able to use GD 2FA due to SMS delivery issues as well (and from a few others). Essentially, SMS is unreliable for me and might result in me being locked out of my account.

2. I want to retain my landline as my primary phone but I can't receive SMSes on them (Ignoring point 1 above for a sec). There is no way for me to use my mobile phone only for the 2FA SMSes.

Hope this adds clarity on the issue I'm facing

Have you considered using a token generator instead of an app? IMO it is both more reliable and secure and most importantly, not reliant on your mobile reception?

 

[BigRich]

I haven't seen anyone address this, but it's important to note that any registrar that doesn't let you change your username/login might be a security risk (whatever can be used to login basically).

Namecheap - doesn't let you change your username. But you have to give your username away to strangers to make transfers and account pushes.
GoDaddy - doesn't let you change your customer number, but you give your customer number away to make transfers and login and it's on every receipt.

So if a bad actor gets those, they can try to engineer their way into your account. Not sure why they haven't changed this yet, I like both of those registrars but this seems like a security oversight. Hopefully they will change that.

And of course, 2 factor auth is a must.

EDIT: I should add that I'm comparing this to my recent experience with Uniregistry, which uses only your email address as a login. Presumably you can change your email address if an issue were to arise.

I am not sure if I am reading the above post correctly but why are you giving your username/customer# out to transfer domains?.... and people wonder why domains are so easy to get from retail registrars

We can issue multiple users on any account with 5 access level restrictions ranging from full admin to view only. All user activity is logged and auditable and dedicated account management means that unusual activity is flagged straight away.

Until people realise that saving $5-10 every year on the renewal of a domain worth 6 figures is a false economy then domain jacking will continue to be a profitable enterprise. Would you protect a $100K watch with a 3 reel combination lock? Of course not, you would invest in a security more in line with the property value.... I hope

Just a thought...

 

[anantj]

Have you considered using a token generator instead of an app? IMO it is both more reliable and secure and most importantly, not reliant on your mobile reception?

What is a token generator?

 

[anantj]

Nevermind

 

[MR Harrist]

at this moment I don't have ultra premium domain,so I am not to concern about register security! and stick with namecheap and godaddy! I already using them since 2010, and have no problems at all! and most stolen domain and loosing domain, basically the root problems is from email, if our email safe, then nothing to worry about it! for email I prefer with gmail, because if they want my email acc. they have to strike Big G! if they can, they can get my domain! though, most hacker will not brute force Big G! but they tend to with phising, because it's effective and simple! so rule no.1 pay attention on domain or url, every time you insert ID or passwords! and make sure, to make double your security with Phone verification, everytime you login via email, because with that way it will hard for them to get my domain!

but if they can, get my domain! I salute them, and I don't mind to loosing $10 domain and I will consider that as a rewards for whoever people that can pass G system! afterall its only $10! so I am nothing to loose!