Taking a look back at domain name registration in 2014
2014 was full of many exciting new developments in the domain name registration market. A number of new domain names were introduced recently by ICANN, and dozens of them gained a lot of traction over the course of 2014. 2014 also saw attempts to steal domain names worth millions.
Even ICANN, the organization that oversees all domain names in the world fell victim to a phishing attempt, and ended up being compromised for a short while. How does one even begin to ensure the safety of his or her domain name, when the employees of the foremost authority on domain name registration can fall victim to these elaborate phishing attempts?
Domain names are much easier to steal compared valuable physical objects, or even bank account details of people. It is high time that domain name registration authorities and individual registrars took this matter seriously and implemented better security practices.
Instead of moves like the RAA which requires domain name owners to verify their ownership through the use of emails, the trick that was used to compromise the ICANN domain, two factor authentication needs to be introduced across the industry, with all the registrars making sure that it is implemented for their customers.
The RAA, or the Registrar Accreditation Agreement essentially requires that all customers who register a new domain must provide whois verification. In the absence of this verification, domain name registration can be suspended and even cancelled. While there need to be checks in place to curb fake domain name registration practices, the RAA method employed by the registrars is simply too flawed. A simple email is sent by the registrars to their customers, and can be easily faked by phishers to fool customers into divulging confidential information. If RAA is to be continued in 2015, registrars should educate their customers on how to identify authentic emails and differentiate them from the fake ones, while also implementing two-factor authentication for enhanced security.