Which Registrar Is Most Secure?

Silentptnr

With valuable domains being stolen and tons of new, untested registrars popping up, I've started thinking about security.

I have names spread across about 12 registrars. I tend to like GD, but I like others too.

Any feedback about which registrars provide the highest level of security?
 
10
•••
@robepik @Slanted Please introduce Google Authenticator or Authy 2-factor as an alternative for mobile SMS authentication.

Having the code generated on your phone with these apps would be a better option, instead of waiting for the SMS to arrive.
 
6
•••
Please start a new thread and then tag Joe Styler for help with a GoDaddy issue, this is off topic for this thread :)
Ok sorry.
 
0
•••
The way other registrars handle different payment fees is at the time of pre-funding. So if you made an account type that was pre-fund ONLY, you can simply deduct the fee at the time the funding is deposited - if you pre-fund $100 using Wire, you get $100 credit in your account. If you pre-fund $100 by Credit Card, you get $95 in your account. Then whenever you use the account balance, the original source doesn't matter because the fee was already taken into account. PayPal is worse since they have flat + percentage so imagine the percent could be flat higher, or variable based on the amount. You can also set a minimum funding requirement on top of the fee, so people are not funding small amounts, like $50 or $100 minimums are pretty common.

Then people can choose to have a pre-fund only account (8.10) or a pay as you go account (8.49)

Another benefit to pre-funding is I don't have to leave a credit card on file which I personally don't care for as an extra security vulnerability.
 
5
•••
^^^ What @usernames and @Domaniak said! (y)(y)

You can set a minimum amount for account funding by PP or CC, like OnlineNIC or Enom does with reseller accounts, setting a lower fee (say, 3%) than for individual domain registrations/transfers (5%) - an incentive to pre-fund accounts. You might even increase the fee for retail payments to promote pre-funding.
 
3
•••
Eventually I will move all my domains to Epik, the level of personal attention is phenomenal, and the UI is among the better designs with managing hundreds of domains.

Thanks for the thumbs up.

A security feature I like is account access notification - by email or text.

That's an interesting idea. We'd have to let people toggle this setting ON / OFF (default OFF), since most customers wouldn't want any extra email messages. But I'm sure some customers would want to track logins. Curious how many people want this ... Show of hands? It sounds like a good idea, but I also wonder if people wouldn't get sick of all the emails or – worse – grow so accustomed to them (through frequent logins of their own) that they'd fail to notice a suspicious login even if 1 did occur.

One thing I could not figure out how to do was enable MaxLock from the control panel so if you can point me in the right direction that would be super

Pretty sure we haven't implemented an ON / OFF switch in the customer's user interface. Later, we might. For now, you can contact support, and they'll do it for you.
 
2
•••
And why not ... simply levy a charge on PayPal or CC funding of the account balance (like many other registrars do)? After that, all in-account funds, from whatever source, are of one kind only and free and clear of any ambiguity.

Worth considering. I'm not fully satisfied with the existing system of determining prices, and I plan to propose some changes soon. That said, I've been at Epik barely 3 months, and cannot (and should not) change things too fast. Customers get used to things a certain way. And there are often reasons why things are the way they are. We're at a point now where I think we can hopefully balance a smooth status quo with some modifications.
 
3
•••
P.S. Speaking of modifications, Epik's new domain financing feature was released in beta this past week. If you've ever wanted to arrange month-to-month domain rentals, optioning, or installment purchase plans, we're the best game in town.
 
5
•••
...That said, I've been at Epik barely 3 months, and cannot (and should not) change things too fast.
Yes, well, this is why I very much appreciate Rob's taking a personal interest :)
No offense, staff is always constrained by, well, being staff.
Customers get used to things a certain way.
How so? Oh! Like asking Rob for help to adjust pricing manually on a case by case basis, you mean?
And there are often reasons why things are the way they are.
Are you generalizing or referring to this particular issue?
 
1
•••
I have a suggestion for Epik. I'd like to see registry lock feature. Verisign apparently makes this available, yet practically no registrar offers it as a reasonable add-on.
 
4
•••
I have a suggestion for Epik. I'd like to see registry lock feature. Verisign apparently makes this available, yet practically no registrar offers it as a reasonable add-on.
So what's the difference between registrar-lock and registry-lock? (assuming you are not talking about the former)
 
2
•••
I tend to keep my most valuable domains with NameSilo and Epik and I've been happy with both from all perspectives (including security). I tend to use NameSilo more because I like their platform more and the site is faster.
However I would never ever keep valuable domains with GD or other shady registrars (mmmm.... 1&1, bigrock, domain.com & co., etc.).
I do buy domains at GD auctions but I move them immediately to NameSilo by requesting the 60 day lock to be lifted as soon as the domain is in my account...
 
5
•••
That depends. If you're asking whether Emoji domains can be registered at Epik, then the answer is yes.

Emoji domains are essentially a subset of IDNs. Not all TLDs have enabled emoji registrations, though I know .WS offers them. These can be registered at Epik.

If you're asking about displaying emoji domains (or IDNs generally), that's a separate question. Most websites tend to show the punycode version. (That's the encoding that begins "xn--".)

As IDNs become more popular, websites everywhere may put more development resources into showing them in the native character set – Arabic, Cyrillic, Japanese, Chinese, etc. Displaying emojis would (I think) follow as a consequence of that broader trend.
Understood. Thanks for taking the time to answer my question. I've shared it with my emoji domain colleagues.
 
3
•••
I tend to keep my most valuable domains with NameSilo and Epik and I've been happy with both from all perspectives (including security). I tend to use NameSilo more because I like their platform more and the site is faster.
However I would never ever keep valuable domains with GD or other shady registrars (mmmm.... 1&1, bigrock, domain.com & co., etc.).
I do buy domains at GD auctions but I move them immediately to NameSilo by requesting the 60 day lock to be lifted as soon as the domain is in my account...
I don't know too many people at GD, but the few I do know are pretty good people. Been a customer of theirs for a long time. But yeah, if you have a lot of domains you should spread them around to other registrars.
 
2
•••
@xn--v4h.com also read the horror stories with people getting locked out of their GD account for various BS.
Some of those people lost very valuable domains as a result of this GD bullying.

I once lost access to my GD account for a stupid technical issue.
It wasn't very nice since at that time I had 3 valuable domains there and the GD staff took their time answering and solving the issue. All in all I was locked out for more than 60 hours.

After this experience I moved everything important away from them or any other shady registrar.
Anything that's worth more than $1000 stays with NameSilo or Epik.
 
6
•••
@xn--v4h.com also read the horror stories with people getting locked out of their GD account for various BS.
Some of those people lost very valuable domains as a result of this GD bullying.

I once lost access to my GD account for a stupid technical issue.
It wasn't very nice since at that time I had 3 valuable domains there and the GD staff took their time answering and solving the issue. All in all I was locked out for more than 60 hours.

After this experience I moved everything important away from them or any other shady registrar.
Anything that's worth more than $1000 stays with NameSilo or Epik.
Wow I can see what you mean! If that happened to me, I wouldn't be happy and would be transferring every domain out ASAP!
 
1
•••
Great discussion. Since we have been mentioned a few times, I thought I'd point out a few things about our security (it is in our tagline after all!) :)
  • We support 2FA via app, not SMS as we have found that to be less reliable and also potentially subject to fees based on carrier and plan
  • We offer Domain Defender (https://www.namesilo.com/Support/Domain-Defender) for free which is both a notification system and a system for preventing changes to accounts or domains if someone manages to get entry to your account. For notifications, customers can select from 20 different options for changes such as account access, domain unlocking, requesting EPP code, etc. Our system will send an email and/or SMS message when any of the selected options occurs. To increase security when using Domain Defender, customers can select between 1-5 question/answer pairs that must be answered before any account/domain changes can be made.
  • We implement multiple checks when users attempt to reset passwords and additional checks for removal of 2FA. Our policies also make socially engineering our support staff nearly impossible.
  • We have multiple layers of security to prevent brute force attacks against passwords and reset options.
  • We utilize multiple third-party services for testing our web site and servers for exploits.
In short, we understand that things can happen outside of our system that makes accounts potentially vulnerable such as email addresses getting hacked, passwords being easily guessed, etc. We therefore offer options that require things such as physical access to a device and knowledge of multiple things theoretically only the account holder could know. We do not enforce usage of 2FA or Domain Defender, but we do make those things available for people who are willing to sacrifice a little in the way of convenience for greatly increased security.

We have offered Domain Defender since our inception and we were one of the first registrars to add 2FA. It unfortunately took a lot of horror stories from people here and on other web sites, forums, etc. for other registrars to come around, but it seems great steps have been taken over the last 1-2 years. It is a major nuisance for registrars such as ourselves to be on the receiving end of stolen domains, so we welcome the fact that other registrars have taken the steps they have to better protect their customers and their valuable assets.
 
8
•••
@namesilo - great post
You have me as a customer and I'll continue to be your customer for the domain names that really matter.
Since we're talking security - maybe you could add support for DNS CAA - that's about the last thing I'll need from you as far as security goes.
 
2
•••
@namesilo - great post
You have me as a customer and I'll continue to be your customer for the domain names that really matter.
Since we're talking security - maybe you could add support for DNS CAA - that's about the last thing I'll need from you as far as security goes.

Many thanks! Let me check with our DNS Admin regarding CAA record support. I seem to recall a few other people asking as well. Might take a day or two to get a response to this due to the Holiday, but I'll post back here once I have an answer.
 
1
•••
Take your time - not an emergency :)
In the meanwhile: keep up the good work!
 
2
•••
@namesilo - Maybe you could let me know why the 'updated' dates (as seen on any whois site) of domains in my NameSilo account keep changing even if I have not logged into my account for some time.

This usually happens at other registrars on renewals, nameserver changes etc., but this seems to happen to my domains at NameSilo often, without any changes by me.
 
0
•••
@namesilo - Maybe you could let me know why the 'updated' dates (as seen on any whois site) of domains in my NameSilo account keep changing even if I have not logged into my account for some time.

This usually happens at other registrars on renewals, nameserver changes etc., but this seems to happen to my domains at NameSilo often, without any changes by me.

Could be a few different causes, but the most typical is for domains that use WHOIS privacy since we automatically jumble WHOIS privacy email addresses every 2-3 days for every domain to help avoid spam. If you email [email protected] and include your username or a domain, then we can tell you for sure.
 
1
•••
This happens to all my domains at NameSilo, with or without privacy.
 
0
•••
So what's the difference between registrar-lock and registry-lock? (assuming you are not talking about the former)

The way I understand it, with registry lock the name is hard locked at Verisign (com). This way, no matter what might happen to compromise the registrar, it still could not be transferred away.

As much as we might trust a registrar with our high value assets, there is another level of protection completely outside. To me, this is a big feature I want but can't seem to get.
 
2
•••
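The registrar-lock versus registry-lock distinction discussed in the last reply shows up in a domain's EPP status codes: `client*` statuses are set by the registrar, `server*` statuses by the registry. The following is an added example, not part of the thread; it reads the status lines from WHOIS text and reports which side holds each lock. The domain names and WHOIS samples are constructed.

```python
import re

# EPP status codes: "client*" are set (and removable) by the registrar,
# "server*" are set by the registry and cannot be cleared by the registrar.
LOCK_ACTIONS = ("TransferProhibited", "UpdateProhibited", "DeleteProhibited")
STATUS_RE = re.compile(r"^[ \t]*(?:Domain )?Status:[ \t]*([A-Za-z]+)",
                       re.IGNORECASE | re.MULTILINE)

def parse_statuses(whois_text):
    """Return the lower-cased EPP status codes found in WHOIS output."""
    return {m.group(1).lower() for m in STATUS_RE.finditer(whois_text)}

def lock_report(whois_text):
    """Summarise registrar-side and registry-side locks for one domain."""
    statuses = parse_statuses(whois_text)
    report = {}
    for prefix, side in (("client", "registrar"), ("server", "registry")):
        missing = [prefix + a for a in LOCK_ACTIONS
                   if (prefix + a).lower() not in statuses]
        report[side] = {
            "transfer_locked": (prefix + "TransferProhibited") not in missing,
            "missing": missing,
        }
    return report

# Constructed sample: registrar lock only (the common default).
SAMPLE_REGISTRAR_LOCK = """\
Domain Name: EXAMPLE-A.TEST
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
"""

# Constructed sample: registrar lock plus all three registry-side statuses.
SAMPLE_REGISTRY_LOCK = """\
Domain Name: EXAMPLE-B.TEST
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: serverDeleteProhibited https://icann.org/epp#serverDeleteProhibited
Domain Status: serverTransferProhibited https://icann.org/epp#serverTransferProhibited
Domain Status: serverUpdateProhibited https://icann.org/epp#serverUpdateProhibited
"""

if __name__ == "__main__":
    for name, text in (("registrar lock only", SAMPLE_REGISTRAR_LOCK),
                       ("registry lock", SAMPLE_REGISTRY_LOCK)):
        print(name, lock_report(text))
```
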