Domain security best practices

5 min read
Joe Styler

Today virtual property is sometimes more important than physical real estate. Don’t believe me? Imagine for a minute that someone stole your main domain — the domain name that’s the online address for your business website or the anchor of your business email address. What will happen to your livelihood if you have to put the brakes on doing business online while you rebrand and market your new domain? Even if your domain name is not an investment-grade name such as, its loss would likely have a significant impact on your life. That’s why domain security is critical.

Unfortunately, many people do not think about protecting their domain until it is too late.

While domain theft is rare, it is always better to be safe than sorry. It’s more common to have access to your domain name removed through less nefarious means, which have nonetheless the same impact on your bottom line. A common scenario? An employee sets up your domain and email, then leaves the company — without leaving you access to your domain account when it comes time to renew it or make a change to the website.

As scary as these scenarios are, there is good news: By following a few domain security best practices, you can protect your digital assets like a pro.

5 domain security best practices

Follow these guidelines to safeguard one of your business’s most valuable assets, your domain.

1. Register your domain name in your own account.

I cannot overstate the importance of registering the domain name in your own account and with your own identity. You can give a trusted employee or webmaster access to the domain without giving them access to your actual account. That way, for example, your technical people can access your domain (or hosting) to work on your website without having the ability to remove those products from your account.

Life rarely goes the way you plan it. Protect yourself from a bad business break-up with a webmaster who gets their dream job in Bali and takes access to your domain with them.

If you’re a GoDaddy customer, here’s how you can share access to your products but not your main account.

2. Use a strong password.

The next thing you should do is protect your account by using a strong password — one that’s nearly impossible to guess or hack to gain access to your account. And make your life easier by using a password manager.

3. Enable two-factor authentication.

Sometimes, even with a strong password, bad people can hack into your account through a tricky technique like malware or phishing. Enable two-factor authentication for an added layer of security. When you enter your password, a separate, unique code will be sent to your smartphone. You’ll enter the new code, in addition to your password, each time you log into your account. This means a thief would needs both your password and access to your phone at the same time.

Pairing a strong password with two-factor authentication greatly increases your protection online.

If you’re a GoDaddy customer, here’s how to enable two-factor authentication on your account.

4. Protect your email address.

Take the extra step to safeguard the email address tied to your account. If someone is able to get into your email, many times they have carte blanche to all your valuable accounts. A quick search through the inbox shows your domains, your bank accounts, etc. It only takes a few clicks to get a password reset — and your account is compromised. This is why enabling two-factor on your accounts — including your email accounts — is so important.

5. Beware of phishing attempts.

If you use email (and who doesn’t?), you could get targeted by an email phishing attempt. It’s hard to keep your guard up all the time, thieves continue to develop more sophisticated methods of gaining access to your accounts. Beware of any email you receive that asks you to click a link that brings you to a screen to enter your username and password. It is always better to go directly to the website in question, verify its authenticity, and log in that way.

Pro tip: Use one email for your important accounts and another for anything that is public, such as the WHOIS record on your domain. That’s the public-facing information about the owner of the domain name, similar to a phone book’s whitepages. Use a separate email account or purchase domain privacy, which hides your real information on the WHOIS so it is harder for people to trick you with a phishing attempt.

By following these domain security best practices, you should be in great shape when it comes to protecting your digital assets.