Use these tools to prevent domain theft and unwanted changes.
Your domain names are valuable. The more valuable your domains, the more likely they’ll be targeted by thieves.
What can you do to protect these assets? Domain registrars offer varying levels of security. Let’s run through some of these features and a feature I’d like to see.
Two-factor authentication – This is a must. If you don’t turn two-factor authentication on for your account, don’t blame anyone if your domains are stolen. If your registrar doesn’t offer two-factor authentication, move your domains elsewhere — full stop. While you’re at it, make sure two factor is on your email account because that’s what thieves often use to get into your registrar account.
There are different types of two-factor authentication. Ideally, use physical key authentication rather than SMS or an authenticator app.
Registry lock – Registry lock adds another layer of protection against unwanted changes, particularly to your nameservers. This is different from registrar lock that locks your domains from transfer. (Registrar lock is so basic that it’s not even worth including in this list.) Registry Lock is ideal for any website with important content, such as an active website that generates significant revenue. This will keep someone from making an unwanted nameserver change and hijacking visitors.
Domain transfer verification – GoDaddy is the only registrar I’m aware of that offers this, and only to top accounts. The company will call you before any transfer out of your account, and you have to provide a pin to verify the transfer. It adds a step that can be a nuisance, but it also offers peace of mind and should prevent unwanted transfers. This service is one of the main reasons I keep my domains at GoDaddy.
Automated login notice – This is something PorkBun offers. When you revisit PorkBun and are still logged in because of a cookie, it emails the account owner to let them know that someone (hopefully you) accessed the account. I’m not sure if I like this or think it’s annoying, but it makes me think that PorkBun has security at the top of mind, which is good.
SMS notifications of significant changes – Do any registrars offer this? It’s easy to overlook email notifications, so it would be nice if registrars texted you whenever a major change is made. I want to configure these, but at minimum, I’d like to know if a domain is unlocked or transferred out. An option to be notified of contact changes and nameserver changes would also be nice. I’d also like a text if someone logs into my account from any country other than my home country.
Of all of these, two-factor authentication is the bare minimum security you need on your accounts these days. I’d like to see more registrars offer the other options.
