Do you have a domain name? Here’s what you should know
For many registrants, domain names (and the services related to them, such as websites and email addresses) are important to their professional and personal lives. Whether used for e-commerce, or simply to communicate with family and friends, domain names are valuable assets and must be managed with care.
Here are some best practices to help you avoid your domain name being stolen or unauthorized transfers.
Register with an email address connected to your domain name. When you register your domain name, you will be asked to provide contact information, including your email address. This information is put into the WHOIS record for your domain name, which the public can see. It is best to use an email address that is not associated with the domain name you register. For example, if your domain name is example.com, it is a best practice to use a different WHOIS email address than email@example.com.
Here’s why. If your domain name has been stolen by someone who has gained access to your account with the registrar, that person may alter the WHOIS information in order to delete the data that indicates that you are the registered owner of the domain name. If you used an email address not associated with your domain name in WHOIS, you will be able to provide that email address as evidence to the registrar that you were the registered owner of the domain name before it was changed through unauthorized access to your account.
Create a strong and unique password. Protect your email from cybercriminals by creating a unique and tough password. Online services are heavily compromised, making usernames and passwords available to criminals who may try to steal your domain name using information that you provide to other accounts. Avoid this by creating a tough password that you use exclusively for your domain name account.
Do not share your password with others. You are responsible for the security of your domain name. You should never give anyone the login information to your online account. This includes web hosting providers or web designers as well as friends and colleagues. It is not recommended that you list website designers, hosting providers, or any other third party as registrant or registrars of your domain name. If you choose to do so, seek legal advice on contractual obligations that the third party must adhere to in terms of managing your domain.
Inquire about multi-step authentication. Some registrars give registrants the ability to implement multi-step authentication when logging into your account. This gives further protection by requiring a unique security code, in addition to your username and password, in order to access your online accounts. Review the terms of your registration agreement to see if multi-step authentication is available.
Check the account or email account associated with your domain frequently. Whatever email address or addresses you provide, you must be sure that they are active accounts and check them regularly. You need to update your contact information in order to ensure that you receive WHOIS policy reminders notices, subscription renewals, and other important notifications from your registrar. This is especially important for those who use a privacy or proxy service. If you use a privacy or proxy service, try making your name as the registrar of record in WHOIS. This can serve as further evidence to your registrar that you were the registered owner of the domain name.
Ask your registrar to do a transfer lock service for your domain name. You can ask your registrar to activate the transfer locking service for your domain name. Enabling this lockdown service for your domain name is not a fail-safe method of protecting against unauthorized transfer or theft of your domain name, but it can represent another layer of security. Each registrar has a different way of implementing a Transfer Lock Service. Some registrars require two-factor authentication to remove the lock; Some simply request permission from the registrar. Contact your registrar about their policy regarding the transfer lock service and decide if this is a suitable service for you.
Finally, be smart about your online behavior. Be careful with the links you click in emails, the attachments you open, and the websites you visit. As these are the means that criminals can use to steal your username and password.