0How to avoid a domain name hijacking

Like many oth­er people I own sev­er­al domain names, and use the free ver­sion of google apps to man­age the e‑mail for them. A few months ago I read a tale of woe by Naoki Hiroshi­ma, who had lost con­trol of his valu­able @N twit­ter user­name thanks to a domain name theft.

Naoki had done everything reas­on­able that I had done, using 2 factor (or 2‑step) authen­tic­a­tion for all his major ser­vices, includ­ing his google account. Unfor­tu­nately his domain regis­trar had­n’t offered 2 factor authen­tic­a­tion, and this weak point in the chain was all that was needed for an attack­er to take con­trol of a large num­ber of his accounts. I real­ised I would be vul­ner­able to the same attack, and imme­di­ately resolved to take action.

What was required was a domain regis­trar with 2 step authen­tic­a­tion. The qual­ity of their DNS sys­tem did­n’t interest me as I already use Route 53 for DNS, and amazon web ser­vices do include 2 factor authen­tic­a­tion. How­ever, I do have sev­er­al .co.uk domains which many US regis­trars don’t seem to offer, at least not with offi­cial sup­port. Then I heard that amazon were offer­ing domain regis­tra­tion them­selves (via a part­ner­ship with an exist­ing regis­trar). Their prices are very com­pet­it­ive with my former regis­trar (123-Reg), they already provide my actu­al DNS ser­vice, and of course they have the all import­ant 2 factor authen­tic­a­tion. Migra­tion took a mat­ter of hours. .com and .org domains cost $12 to trans­fer but this included a year exten­sion which is good value just for a renew­al price.

In sum­mary — if you have you own google apps with your own domain name, make sure your domain regis­trar s secure with 2 factor auth. If they aren’t — con­sider moving!

ਕੋਈ ਜਵਾਬ ਛੱਡਣਾ