Best practices for keeping your domain names secure?

I recently acquired a valuable domain name and want to make sure it stays secure and isn’t accidentally transferred away through hacking, social engineering, etc.

Here’s what I’ve come up with so far:

  • Ensure the domain name’s status is locked
  • Enable 2FA on your CloudFlare account
  • Enable 2FA on the email account associated with your CloudFlare account
  • Ensure you’re using a unique password for your CloudFlare account
  • Ensure you’re using a unique password for your email account

Any other tips?

I noticed CloudFlare allows you to unlock the domain and receive the EPP code without confirmation. It does not ask you to put in your password again. That would be a nice feature to have, so if someone were to get access to your CloudFlare session, they cannot simply unlock the domain and get the EPP code.

1 Like

Three more tips:

  • Ensure whois data is up-to-date
  • Ensure email addresses in whois data are secure (see above)
  • Add as many renewal years as possible (10 years for .com)
1 Like

Also make sure the email account associated with your Cloudflare account is not on a domain you’ve added to Cloudflare. I use Protonmail, so that end is pretty secure.

3 Likes