Protecting against unauthorized domain transfers

Once a domain name transfers to another registrar it can be difficult to reacquire, especially if the transfer was in compliance with ICANN policy. If the registrar is not willing to transfer the domain name back into your control, then your options for recovery become limited.

The registrant/account owner is responsible for the security of the domain. You should never give your registrar login information to anyone. This includes web designers, hosting providers, friends, cousins, siblings, and even your own parents.

Our first recommendation in securing your domains would be to add Two-Step Verification to your registrar account. offers Two-Step Verification through a free service called Google Authenticator. It helps protect your accounts and your identity by requiring a unique security code—in addition to your username and password—to access your online accounts. Some registrars offer this kind of service at a cost, but gives it for free (because we love you).

If you are at all concerned about the safety of your domains, then Two-Step Verification should be active on your account.

It is essential that the email address you choose for your registrar account is kept as secure as possible. In the absence of dual factor authentication, your registrar account is only as secure as the email address associated with it. Most registrars’ lost password tools send directly to the email address you set for the account, including’s password recovery tool. This means if a hacker was able to access your personal email then they could potentially recover your registrar account login information and reset your passwords.

We recommend using a Gmail account, and not an email tied to your personal domain name. A good password will also protect your account. For more information on the best possible password, please see Creating a strong password.

Have more questions? Submit a request


Article is closed for comments.