Security: With Domain Names and Domain Name Brokers
Don’t Lose Your Kingdom: Protecting Domain Name Assets
A few security suggestions all the experts missed
A broker on Wall Street has probably heard of more ways to protect assets than a New York City cop. And a domain name broker is a vital resource to talk with about locking down your online assets. As a domain name broker and in my years at the world’s largest domain name registrar, I’ve seen and heard a lot. I saw one of the biggest cities in the country accidentally delete the nameservers for all their domains, shutting down every website for the whole city.
I’ve seen household brands and political organizations compromised due to basic security oversights. I’ve encountered keyloggers on a Mac through a Skype download. I’ve seen more social engineering attempts than a bouncer at an LA Nightclub. And once, my father’s bank got quite a tongue-lashing from me when they told me their entire security hinged on a password of 1234! We are not security experts, but as domain brokers, people discuss their assets and protection plans with us. We appreciate all our clients’ trust and confidence.
Media Options specifically entered the domain name brokerage business with a goal of growing the domain name industry’s reputation for transparency and accountability.
That’s why all our transactions are visible to buyer and seller in Escrow.com. If the domain buyer or seller wishes to remain anonymous, we provide full transparency with screenshots and additional communications. When we are leasing a domain, with or without lease to own options, domains are secured via Escrow.com’s Domain Name Holding Service. In addition, we employ only a very select few brokers with many years’ experience and strong reputation in the premium domain industry. Bottom line, domains are non-tangible assets.
When choosing a broker or other partner or advisor: research reputation, transparency, and accountability.
Quality resources for this type of info would include www.DNJournal.com, www.DomainSherpa.com, www.DomainInvesting.com and www.DNForum.com. Yesterday we heard about the SSL Heartbeat bug, sure to be historic in online security. This January, a $50,000 one character Twitter handle was lost due to a GoDaddy account being breached via the hacker’s acquisition of some of the owner’s personal information skillfully combined with social engineering.
Then, the hacker was able to use the domain name to access the email address that controlled the valuable Twitter handle. On the opposite end of the spectrum, domain name registrar Network Solutions was under fire the same week for implementing a security feature that auto enrolls clients without their prior consent for a surprise $1,850.00 per year.
Domain names are valuable assets that need to be protected. Beyond the value of a premium domain itself can be additional assets like email at the domain… Email that may access other assets like high value social media accounts, PayPal and bank accounts, gmail password resets and more. Be attentive and intentional about how and which domains link to your valuables.
There are endless articles about the importance of complex passwords, password vaults, backups and more. Amen, amen! But, despite all that, we still saw the New York Times facepalming themselves over last year’s hack, and Mark Monitor’s savvy save for the Facebook.com domain name a few weeks ago. After events like these, it’s only natural to reflect on security.
Domain names are assets not only because of their value, but also because of the options they provide for custom email to manage online identity, security and credibility.
That instant credibility that you get because your email stands out in a client inbox as coming from @GraduateSchool.com? Guess what, the bad guys value that credibility too! Premium domain name owners can also be targeted precisely because a consumer is more likely to open a spam email that comes from a premium domain. Now, today is going to be the first day we hit 90˚ weather here in sunny Phoenix, Arizona. Do you know what that means? Time for constant radio, TV, news and billboard messages about drowning prevention. And the number one recommendation to secure your home and family?
Multiple layers of security.
If you value your premium domain names, secure them with all the passwords and other good recommendations out there. And then, after that, here’s a quick list of the top security features we think all the bloggers missed:
- Corporations and those with established premium websites may consider electing a registrar like 101 Domain or Mark Monitor who offer a lock on nameservers at the registry level. That means that if you want to change nameservers, you have to contact your registrar through a certain process, then wait for them to contact the registry during business hours. “Slow” processes with checks and balances can add significant value to protecting your domain.
- GoDaddy and other registrars offer outbound phone validation services prior to transfer away.
- Fabulous and a few other registrars provide physical key fobs for secure login, including nameserver changes and transfer away.
- GoDaddy offers select clients in the US additional security features for login- you just need to ask. Even if you’re not in the US, it could be arranged with US phone number.
- If you learn your registrar’s systems, there may be profile folders or other features in which you can organize your domain names. If the profile has mandatory features such as registrant info or nameservers, that can’t be changed without an additional step.
Security doesn’t end here. I’ll share one last story, with a moral. I once had a client, a serial entrepreneur with valuable premium domains, who I knew was privately preparing to run for Congress. I received a phone call from someone purporting to be him, who could answer every last security question and personal question. But you know what, I just knew it wasn’t his voice. I calmly put him on hold and called my client’s direct line. At first he was panicked to hear, but after a minute’s conversation we realized it was his father on the other line, who shared his full name and was innocently trying to find his own personal account!
What’s the moral? Personal relationships are one of the greatest security features. When securing your domain names or selecting a domain name broker, take the time to form a relationship and measure reputation, transparency, and accountability.