Preventing Domain Name Theft

Domain names are valuable internet real estate and from time-to-time, they are stolen or compromised. If you’re someone who is actively using domain names for a business or personal website then imagine waking up one morning only to find your website is down and you can no longer send or receive emails. After investigating further, you discover there is no technical issues with your web hosting provider and instead, you no longer have control over the DNS of your website! This would be detrimental to most business owners out there. Thankfully, there are some simple things you can do to stop domain name theft and prevent yourself from becoming a victim.

What is Domain Name Theft?

The process of domain name theft consists of transferring a domain name illegally to another registrar without the domain name owner being aware. Other names for domain theft include domain hijacking and the most common ways it happens are from social engineering, email vulnerabilities, phishing websites, and keyloggers. Once the hacker can get into your domain registrar account things can take a turn for the worse quickly.

How To Prevent Domain Name Theft

There are several different steps you can take in order to prevent domain theft. Consider each of the options below and try to apply as many as possible to keep yourself safe from online domain hijackers!

Enable Multi-Factor Authentication – Multi-Factor Authentication requires both basic authentication (usually using a password) plus another form of authentication. Most domain registrars offer some form of additional authentication (often times it’s SMS) and by enabling this it will usually be enough to stop a hacker dead in their tracks. The hacker would also need access to your mobile device or an authentication app like Google Authenticator to retrieve the second-factor authentication code, which they most likely would not have.

Use Different Email Addresses – When registering a domain you’re required to provide contact information which will be associated with that domain name. When adding a domain make sure the contact email address different than the email for your login. The most secure option would be to make a new email account specifically and only for use for the contact of your domain and enable multi-factor authentication on that email account as well. The admin contact of the domain would receive notification about any transfers. So, if a hacker gained access to your email, was able to break-through the authentication on your domain registrar account, you would be notified via the alternate email address (Admin Contact) that there is an attempt to transfer your domain and could proceed to cancel it.

Use Strong & Unique Passwords For Everything – The minimum requirements are never strong enough for good passwords. Just because the minimum says it must be 7 characters doesn’t mean you should make it seven. In fact, according to Wired, your password should be at least 12-15 characters long. Make sure you are using strong passwords that contain a variety of letter, numbers and special characters!

Creating unique passwords and setting up additional login verification steps might seem like a hassle. But trust me, it’s much better than waking up one day and finding you’ve had several great domains stolen! Implement some of these security measures and you can rest peacefully at night knowing that your protected and nobody (aside from you) will be gaining access to your prized internet real estate empire!