Effective measures to prevent domain hijacking?

[centoslgd]

Recently one of the guys that I know lost his domain by becoming a victim of domain hijacking. They hacked his gmail  account & got access to his domain registrar control panel & transferred it from there while he was on a vacation.

What effective measures can be taken by a domain owner to prevent his domain from getting hijacked? Are there any domain registrars out there who provide added level of security even if at an additional cost?

 

[William]

Some EU based registrars (like EDIS) need a form for cancellation/transfer, not sure if that provides much added security though if the attacker has access to the victims mail already anyway....

 

[MannDude]

Strong, random passwords that aren't used anywhere else + 2 factor auth.

Sometimes it's a PITA to sign into my namecheap account as I have to go find my phone to retrieve the 5 digit auth code txted to me, but it's a minor inconvenience in name of security.

 

[centoslgd]

Strong, random passwords that aren't used anywhere else + 2 factor auth.

Sometimes it's a PITA to sign into my namecheap account as I have to go find my phone to retrieve the 5 digit auth code txted to me, but it's a minor inconvenience in name of security.

Usually those 2 factor authentications are done by sms messages. What would someone do if he loses his cell phone? 

 

[centoslgd]

One of the most efficient ways to prevent domain hijacking is to select an enterprise-class domain name registry. AT times some domain name companies might target the customers and businesses. They do not offer the security protections that is provided by the corporate domain registrars.

Can you please name of a few enterprise class registrars?

 

[eva2000]

2 step authentication + advanced version of Google Authenticator called Authenticator Plus (allows you to sync to cloud backup and backup all codes to multiple Android devices so I have same set of Google Authenticator profiles setup on 2x mobile phones and 3x tablets).

Loosing a phone ain't a problem... can be a pain to log in but secure

Authenticator Plus generates 2-step verification codes to protect your accounts with your password and phone / tablet.

With Authenticator Plus you can seamlessly sync and manage all your 2-step enabled accounts in phones / tablet / kindle.

 

• Sync Across Devices - seamlessly access and open accounts from you phone, tablet or Amazon Kindle

 

• Android Wear Support - view all your PINs in Android watch

 

• Automatic backup / restore - accounts are automatically backed up to cloud (Google Drive or Dropbox) and can be restored easily

 

• Secure - 256-bit AES encryption and PIN lock for additional security

 

• Advanced security - hardware backed encryption protects your account even in rooted devices

 

• Organize - group accounts with categories and re-order frequently used accounts to top

 

[AMDbuilder]

Make sure you have security questions set (that can't be answered with information available online), and as everyone else has said two-factor.  You should make sure it's enabled on both the email account and domain registrar.

Another good multi-device option: Authy

Naturally, you should use strong passwords as well.  Two-factor helps, but its still only one part of the equation.

 

[raidz]

Usually those 2 factor authentications are done by sms messages. What would someone do if he loses his cell phone? 

Create a second google account and get a google voice #?

 

[robbyhicks]

2FA is the best, I use it on everything.

As said before, Authy works great!

 

[blergh]

Build a bunker, install ISDN and stop using DNS.

 

[Mid]

"They hacked his gmail account..."

That's where the problem was, its not the responsibility of domain registrar. 

Even without 2 factor auth, if he didn't offer his gmail password to the public (it might be a 'remember password' checkbox turned on at a non-personal system), his domain would still be safe on his hands.

You have to understand that 'security' isn't just a product you can buy, but also a sort of practice to follow.

"5 digit auth code txted to me, but it's a minor inconvenience in name of security"

if you go for convenience, you are probably not seeking security