Effective measures to prevent domain hijacking?

centoslgd

New Member
Recently one of the guys that I know lost his domain by becoming a victim of domain hijacking. They hacked his gmail  account & got access to his domain registrar control panel & transferred it from there while he was on a vacation.

What effective measures can be taken by a domain owner to prevent his domain from getting hijacked? Are there any domain registrars out there who provide added level of security even if at an additional cost?
 

William

pr0
Verified Provider
Some EU based registrars (like EDIS) need a form for cancellation/transfer, not sure if that provides much added security though if the attacker has access to the victims mail already anyway....
 

MannDude

Just a dude
vpsBoard Founder
Moderator
Strong, random passwords that aren't used anywhere else + 2 factor auth.

Sometimes it's a PITA to sign into my namecheap account as I have to go find my phone to retrieve the 5 digit auth code txted to me, but it's a minor inconvenience in name of security.
 

centoslgd

New Member
Strong, random passwords that aren't used anywhere else + 2 factor auth.

Sometimes it's a PITA to sign into my namecheap account as I have to go find my phone to retrieve the 5 digit auth code txted to me, but it's a minor inconvenience in name of security.
Usually those 2 factor authentications are done by sms messages. What would someone do if he loses his cell phone?  :D
 
Last edited by a moderator:
One of the most efficient ways to prevent domain hijacking is to select an enterprise-class domain name registry. AT times some domain name companies might target the customers and businesses. They do not offer the security protections that is provided by the corporate domain registrars.
 

centoslgd

New Member
One of the most efficient ways to prevent domain hijacking is to select an enterprise-class domain name registry. AT times some domain name companies might target the customers and businesses. They do not offer the security protections that is provided by the corporate domain registrars.
Can you please name of a few enterprise class registrars?
 

eva2000

Active Member
2 step authentication + advanced version of Google Authenticator called Authenticator Plus (allows you to sync to cloud backup and backup all codes to multiple Android devices so I have same set of Google Authenticator profiles setup on 2x mobile phones and 3x tablets).

Loosing a phone ain't a problem... can be a pain to log in but secure :)

Authenticator Plus generates 2-step verification codes to protect your accounts with your password and phone / tablet.

With Authenticator Plus you can seamlessly sync and manage all your 2-step enabled accounts in phones / tablet / kindle.

 

• Sync Across Devices - seamlessly access and open accounts from you phone, tablet or Amazon Kindle

 

• Android Wear Support - view all your PINs in Android watch

 

• Automatic backup / restore - accounts are automatically backed up to cloud (Google Drive or Dropbox) and can be restored easily

 

• Secure - 256-bit AES encryption and PIN lock for additional security

 

• Advanced security - hardware backed encryption protects your account even in rooted devices

 

• Organize - group accounts with categories and re-order frequently used accounts to top
 
Last edited by a moderator:

AMDbuilder

Active Member
Verified Provider
Make sure you have security questions set (that can't be answered with information available online), and as everyone else has said two-factor.  You should make sure it's enabled on both the email account and domain registrar.

Another good multi-device option: Authy

Naturally, you should use strong passwords as well.  Two-factor helps, but its still only one part of the equation.
 

Mid

New Member
"They hacked his gmail account..."
That's where the problem was, its not the responsibility of domain registrar. 

Even without 2 factor auth, if he didn't offer his gmail password to the public (it might be a 'remember password' checkbox turned on at a non-personal system), his domain would still be safe on his hands.

You have to understand that 'security' isn't just a product you can buy, but also a sort of practice to follow.

"5 digit auth code txted to me, but it's a minor inconvenience in name of security"
if you go for convenience, you are probably not seeking security
 
Top