As a domainer, you have several important accounts, from accounts at various registrars to PayPal accounts or email accounts and so on. Sure, it’s convenient to use the same password for all of them but if you’re serious about domaining… don’t. Just don’t.
Oh and speaking of email accounts, here’s the second tip. Your whois email address and your email address at the registrar should be different. Period. If DomainA.com is registered at RegistrarX.com, the whois email of DomainA.com should not be the email address associated with your RegistrarX.com account.
Why?
Because domain thieves might perform a whois search to extract the whois email of DomainA.com and use the password recovery system of RegistrarX.com to gain access to your account. So as a rule of thumb, the email address associated with RegistrarX.com should not be one of your common ones. If you want to take security to the next level, create a separate email address for each registrar. Sure, some registrars have security protocols in place which make using the password recovery system in a fraudulent manner more difficult but why take chances?
Most people don’t take security-related aspects seriously, don’t be one of them.
January 23rd, 2012 at 3:26 am
I get what you’re saying with tip #1. But tip #2, is a little bit hazy for me. Could you explain this a little more? It feels like something I should be doing…thanks!!!
January 23rd, 2012 at 6:25 am
@Bernard: let’s assume a thief wants to gain access to your account at RegistrarX.com by using the “recover password” function of that registrar.
If your whois email is also the email associated with your account at RegistrarX.com, then all he or she has to do is gain access to your email account (… and in most cases, that would be easier than gaining access to your RegistrarX.com account through alternative methods) and use that email account to reset the password at your registrar.
If you choose a different email address for your account, then the whois email address would be of no use to the thief in this case and since he has no way of knowing which email address you’re using for your RegistrarX.com account, the previously mentioned method wouldn’t work.
January 23rd, 2012 at 8:34 am
As far as I know, the email address you use to setup an account at a registrar is automatically your whois email address for the domain names you register.
January 23rd, 2012 at 9:10 am
@Joe: if you sign up for an account at RegistrarX.com now and register your first domain then yes, it will use that email address for the whois info by default. Fortunately, you can change your whois details (name, email address and so on) at any given point and that’s the approach I’d recommend.