Like many other people I own several domain names, and use the free version of google apps to manage the e‑mail for them. A few months ago I read a tale of woe by Naoki Hiroshima, who had lost control of his valuable @N twitter username thanks to a domain name theft.
Naoki had done everything reasonable that I had done, using 2 factor (or 2‑step) authentication for all his major services, including his google account. Unfortunately his domain registrar hadn’t offered 2 factor authentication, and this weak point in the chain was all that was needed for an attacker to take control of a large number of his accounts. I realised I would be vulnerable to the same attack, and immediately resolved to take action.
What was required was a domain registrar with 2 step authentication. The quality of their DNS system didn’t interest me as I already use Route 53 for DNS, and amazon web services do include 2 factor authentication. However, I do have several .co.uk domains which many US registrars don’t seem to offer, at least not with official support. Then I heard that amazon were offering domain registration themselves (via a partnership with an existing registrar). Their prices are very competitive with my former registrar (123-Reg), they already provide my actual DNS service, and of course they have the all important 2 factor authentication. Migration took a matter of hours. .com and .org domains cost $12 to transfer but this included a year extension which is good value just for a renewal price.
In summary — if you have you own google apps with your own domain name, make sure your domain registrar s secure with 2 factor auth. If they aren’t — consider moving!
Got some thoughts of your own? Indulge yourself below by commenting! If you would like to subscribe please use the subscribe link on the menu at the top right. You can also share this with your friends by using the social links below. Cheers.