Protecting Against Unauthorized Domain Transfers

Once a domain name transfers to another registrar it can be difficult to reacquire, especially if the transfer was in compliance with ICANN policy. If the registrar is not willing to transfer the domain name back into your control, then your options for recovery become very limited.

The registrant/account owner is responsible for the security of the domain. You should never give your registrar login information to anyone. This includes web designers, hosting providers, friends, cousins, siblings, and even your own parents.

Our first recommendation in securing your domains would be to add two step authentication to your registrar account. offers two step authentication through a free service called Google Authenticator. It helps protect your accounts and your identity by requiring a unique security code—in addition to your username and password—to access your online accounts. Some registrars offer this kind of service at a cost, but gives it for free (because we love you).

If you are at all concerned about the safety of your domains, then two step authentication should be active on your account.

It is essential that the email address you choose for your registrar account is kept as secure as possible. In the absence of dual factor authentication, your registrar account is only as secure as the email address associated to it. Most registrars’ lost password tools send directly to the email address you set for the account, including’s password recovery tool. This means if a hacker was able to access your personal email then they could potentially recover your registrar account login information and reset your passwords.

We recommend using a Gmail account, and not an email tied to your personal domain name. A good password will also protect your account. For more information on the best possible password, please go here.

Have more questions? Submit a request


Please sign in to leave a comment.