A domain name is the most important asset of your website. It is essential for companies wishing to develop a sales channel or simply increase their online presence. The domain name thus takes the well-known form of www.chosendomainname.com (or .com, .org, .net, etc.) and makes it possible to identify a website. It constitutes the technical means of localization and access to the pages of this site.
The security of a domain name can however be neglected by users and brands. However, a stolen domain name means the suspension of the commercial activity of a company. Here’s how to protect yourself from hacking or domain name theft.
Discover best practices that will allow you to protect your domain name in the long term.
1. Opt for two-factor authentication
Two-factor authentication is fast becoming the norm. Just as it is encouraged for all user accounts to protect against hacking, this secure option must also be applied to access your registrar interface. Double authentication can thus secure access to your account and prevent a third party from accessing your domain name portfolio.
2. Use Registry Level Lock
It is h2ly recommended that you activate the “Registry Lock”, or register level lock, when your registrar offers it to you. This is a domain name locking system that allows you to fill in a restricted list of people authorized to intervene on the domain name.
This security measure aims in particular to prevent:
- the transfer of the domain name to another name registrar,
- changes to the contacts provided for the domain name,
- change of DNS servers,
- deletion of the domain name.
In the event of hacking attempts, the activation of the “Registry Lock” guarantees verification of the registrar which will ensure the legitimacy of the holder following a request of this type.
3. Enable Registrar Level Lock
This is a complementary measure to the activation of the “Registry Lock”. According to ANSSI: “The registrar-level lock differs from the registry-level lock because the lifting of the lock is controlled by the registrar without any communication between the registry and the holder. Compromise of the registrar can therefore lead to the lifting of the lock and the alteration of data. This lock, if well implemented, therefore only contributes to defense in depth but only offers a much lower level of protection than the registry level lock”. This approach ensures that no fraudulent transfer can occur from an unauthorized person. This option called “Transfer Lock” results in a mention “TransferProhibited” in the Whois of the domain name.
4. Opt for automatic renewal
To ensure you keep your domain name, you have the option of opting for automatic renewal. If this option is very practical, however, be sure to remain vigilant as you approach the renewal of your subscription to the chosen domain name, in order to check that the bank details provided are up to date. This is to avoid the loss and usurpation of your domain name, in the event that your credit card cannot be debited.
5. Hide your personal information in Whois
Whois is the database that lists domain names and their holders. Widely used to check whether or not a domain name is available, it can also be accessed by malicious individuals. To protect yourself against hacking attempts, you can decide to hide your personal data (address, telephone number, email) in the Whois.
On the other hand, the information provided (name and contact details) with your registrar must be updated regularly so that the registrar can contact you easily in the event of anomalies.
6. Choose a domain name registrar that supports DNSSEC
DNSSEC (Domain Name System Security Extensions or DNS security extensions) is a protocol that aims to secure the data returned by DNS servers. According to ICANN (Internet Corporation for Assigned Names and Numbers): “DNSSEC strengthens DNS authentication using digital signatures based on public key cryptography. With DNSSEC, DNS queries and responses are not themselves cryptographically signed, it is the DNS data that is signed by the data owner. In other words, data coming from the DNS zone is authenticated end-to-end. DNS security extensions thus prevent hackers from manipulating or contaminating responses to DNS queries.