I recently acquired a valuable domain name and want to make sure it stays secure and isn’t accidentally transferred away through hacking, social engineering, etc.
Here’s what I’ve come up with so far:
- Ensure the domain name’s status is locked
- Enable 2FA on your CloudFlare account
- Enable 2FA on the email account associated with your CloudFlare account
- Ensure you’re using a unique password for your CloudFlare account
- Ensure you’re using a unique password for your email account
Any other tips?
I noticed CloudFlare allows you to unlock the domain and receive the EPP code without confirmation. It does not ask you to put in your password again. That would be a nice feature to have, so if someone were to get access to your CloudFlare session, they cannot simply unlock the domain and get the EPP code.