The most common security threat in relation to domain
names is someone gaining access to the account and pointing the name
elsewhere; or perhaps trying to transfer it to another party. While
breaches like these can usually be easily rectified, a domain that has
been altered to point to an unsavory site might not only mean a loss of
profits, but also major reputation damage.
registrants often use common passwords or very short passwords that can
be easily guessed – a very common one is “password”. The more
characters and different combinations of characters you use for a
password, the harder it is to crack. The addition of numbers and a mix
of lower and upper case characters can make it even harder to decipher.
Even using numbers and characters, you can still have a password that
you can remember; for example: Mogal4u2.
It’s actually a very good
idea to have a complex password you can remember as writing down a
password anywhere poses a security threat.
passwords can be passed around staff members in a business and this
poses another substantial security threat. Domain name account login
details should only be given to staffers who really need to know and
those parties should be instructed the details are not to be shared with
anyone else for any reason.
Instruct anyone with access to your
account that if they should make any changes to the domain name record,
they must notify you either prior to the event to gain permission, or in
the case where this is not needed, to notify you when and what changes
It’s important to keep track of who has the login
details and if a staff member entrusted with your login information
should leave your company, immediately change the password – don’t wait,
as you’ll likely forget.
Contact email addresses
email address you specify as the administrative contact point for your
domain name account should be not associated with the domain name and it
should be hosted with a separate service altogether, such as your ISP.
It should be an account that only you and your most trusted associates
or staffers have access to.
Keep contact details up to date
the worst should come to pass and you need to access your domain name
account quickly, if you have forgotten your password and the email
address associated with your domain account is no longer operational,
you won’t receive a password reminder or reset email. Added to that, if
another person in your company registered the name on your behalf and
they are no longer with you, you may be required to provide additional
identification for security purposes to gain access again. These delays
are ones you cannot afford if your account has been compromised in some
Watch for changes
Keep an eye on changes to your
domain name record details by checking regularly, either by logging
into your account or using a WhoIs service. Watch for changes to the
“last modified” date, which may indicate someone else has accessed the
account and made changes since your last login – something worth
While needing to concern yourself with domain name
security issues may seem like an extra burden in your already very busy
day, an ounce of prevention is worth a pound of cure.
Michael is currently consulting for Domain Registration Services, who have been providing domain names and website hosting services to individuals and businesses in Australia and around the world since 1998 – Start your domain name search now.