How secure is your domain registration?

David Pollino
Posted by David Pollino

With all the noise about security breaches and phishing, it’s hard to consider that evildoers might yet find another way to use the Web against you. But if you own a domain and haven’t taken steps to protect your registration, they may very well be doing just that. But don’t despair — protecting your domain registration requires just a few simple safeguards.

Young woman and man professionals looking together at details on computer monitors in front of them.Monitor registration expiration

When you signed up for your domain name, you paid for either a single- or multi-year term. Regardless of the term, it’s easy to forget when renewal time draws near. Most domain registrars offer an automatic renewal, and if your Web domain is important to your business, you should sign up for the option. That takes all the guesswork out of ensuring you continue to own your precious domain.

Lock down domain transfer and DNS records

Your business would suffer if you woke up one morning and found that someone else has taken over your domain. If thieves gain access to your domain account, they can transfer the registration, making it difficult or impossible for you to regain control. Don’t let this happen to you.

Your domain registrar probably offers the ability for you to lock down transfers of your domain. They may charge an additional fee, but it is well worth the protection if it prevents someone from hijacking the domain you rely on.

Possible protections may include simple lock-downs controlled by a PIN, or they may be more advanced, such as implementing two-factor authentication before allowing any changes.

While you’re at it, lock down your DNS servers. DNS is the function that translates your domain name into a specific IP address, and hijacking DNS can wreak havoc with your domain. DNS issues can make it look to customers as though your domain doesn’t exist. Worse yet, the hacker may maliciously redirect your traffic to offensive or competing sites. They can also collect your site visitors’ personal info, opening your customers up to the potential for identity theft or fraud.

For both domain and DNS safety, opt for the strongest protection offered, even if it costs a few more dollars a month.

Keep your domain contact info private

Although ICANN (the domain registration body) specifies that the domain owner must be a legal identity who can be contacted, it doesn’t say you have to use your personal name and address. If you do business under your own name or a DBA, you can use a non-specific name such as “Site Administrator” and set up a special email address for communication about site registration issues and still comply.

You can also add private domain registration services through most providers. They publish a neutral name, address and contact info to appear on Whois so you are complying with the law but not exposing your private info.

Keep your domain contact info up to date

Just because you have authorized your domain registrar to act as your agent on Whois doesn’t mean you don’t have to worry about your contact info. Whether you choose to use your personal data or a contact alias, make sure you keep the information up to date and don’t forget to monitor whatever email account you use so you don’t inadvertently miss important happenings.

Other basic security measures

Basic cyber security controls should be in place for your domain to keep it secure. For example, never share accounts. Everyone who has access should have their own login credentials so you can quickly shut down an account if an employee leaves or their account is compromised. It also allows you to limit permissions to just the functions the specific individual needs,

If your registrar offers it, sign up for two-factor authentication. That way, potential domain thieves have to have your account info and your phone to steal your domain name or DNS info.

Practice good password hygiene by making your password unique and hard to guess. Change the password frequently, and use answers to security questions that aren’t easy to find in your social media accounts or with a little research.

Keeping your domain registration and DNS secure takes a little bit of effort, but it pales in comparison to the time and resources necessary to get it back if they’re compromised.


Reminder: All comments are moderated prior to publication and must follow our Community Guidelines.

  • Anonymous says:

    Everytime I go to the sign in page, my screen name and password automatically appear without my doing anything. I uncheck the box that allows it, but it still shows up. How do I
    prevent this?

    Reply | 12 months ago
    • Editor says:

      Hi there – It sounds like your login credentials may be saved in your browser preferences (which is different from unchecking the “save/remember me” box on a specific website). We recommend checking your browser’s help/support documentation for more information on changing this setting.

      Reply | 11 months ago

Submit an Idea

[contact-form-7 id="32" title="Share An Idea"]

You are leaving the Bank of the West Blog. Please be aware: The website you are about to enter is not operated by Bank of the West. Bank of the West does not endorse the content of this website and makes no warranty as to the accuracy of content or functionality of this website. The privacy and security policies of the site may differ from those practiced by Bank of the West. To proceed to this website, click OK, or hit Cancel to remain on the Bank of the West Blog.