Domain Name Security Basics

The most common security threat in relation to domain names is someone gaining access to the account and pointing the name elsewhere; or perhaps trying to transfer it to another party. While breaches like these can usually be easily rectified, a domain that has been altered to point to an unsavory site might not only mean a loss of profits, but also major reputation damage.

Passwords

Unfortunately, registrants often use common passwords or very short passwords that can be easily guessed - a very common one is "password". The more characters and different combinations of characters you use for a password, the harder it is to crack. The addition of numbers and a mix of lower and upper case characters can make it even harder to decipher. Even using numbers and characters, you can still have a password that you can remember; for example: Mogal4u2.

It's actually a very good idea to have a complex password you can remember as writing down a password anywhere poses a security threat.

Access control

Often passwords can be passed around staff members in a business and this poses another substantial security threat. Domain name account login details should only be given to staffers who really need to know and those parties should be instructed the details are not to be shared with anyone else for any reason.

Instruct anyone with access to your account that if they should make any changes to the domain name record, they must notify you either prior to the event to gain permission, or in the case where this is not needed, to notify you when and what changes were made.

It's important to keep track of who has the login details and if a staff member entrusted with your login information should leave your company, immediately change the password - don't wait, as you'll likely forget.

Contact email addresses

The email address you specify as the administrative contact point for your domain name account should be not associated with the domain name and it should be hosted with a separate service altogether, such as your ISP. It should be an account that only you and your most trusted associates or staffers have access to.

Keep contact details up to date

If the worst should come to pass and you need to access your domain name account quickly, if you have forgotten your password and the email address associated with your domain account is no longer operational, you won't receive a password reminder or reset email. Added to that, if another person in your company registered the name on your behalf and they are no longer with you, you may be required to provide additional identification for security purposes to gain access again. These delays are ones you cannot afford if your account has been compromised in some way.

Watch for changes

Keep an eye on changes to your domain name record details by checking regularly, either by logging into your account or using a WhoIs service. Watch for changes to the "last modified" date, which may indicate someone else has accessed the account and made changes since your last login - something worth investigating.

While needing to concern yourself with domain name security issues may seem like an extra burden in your already very busy day, an ounce of prevention is worth a pound of cure.