Domain theft is an issue but it doesn’t have to be. Most registrars don’t even make an attempt to secure your domains other than a username and password to your account. Godaddy has a security measure that they think is foolproof that involves an account representative calling you at your personal phone number and giving both a four digit pin and a verbal OK to transfer. No doubt it works but what about weekends, late nights, transfers that need to be done quickly?
When you rely on an agent to handle your transfer your domains you are relying on their time schedule. They can’t work all the time. Most of the time they’re only going to put in 40 hours a week. Last week my guy was sick. Sure someone sat in for him but they don’t know my voice. Not saying he does, but I think we have a good enough relationship that he would know if someone else used my phone and tried to handle the call. Weekends are extremely frustrating. Anyone willing to pay good money for a domain is willing to wait but I do like to get the money in my hands and the domain in the buyers as quick as possible. The Internet moves fast. Telling them they have to wait a few days will occasionally put a little bit of doubt in their head about your honesty. All this is unneeded. Registrars could easily prevent domain theft with very little cost and save any labor they are already putting into their domain protection. Here’s how
Setting up a “transfer section” of the registrar would do the trick. To enter the transfer section you would need to trigger a SMS text (OTP, one time password). You would combine this OTP with a four digit permanent password that the user picks and enters it in addition to the SMS password that is sent to the user’s phone. If you keep the four digit password in the transfer section that can only be opened through SMS you have taken away the ability for everyone but the most gifted hacker to steal a domain from you. Even if they stole your password to get into the account, they couldn’t get into the transfer section. If they have your phone, they need your four digit personal password. The chance of them getting all three are very remote. The last step would be making the customer wait a few days if they lose their pin. If someone requests a pin change alerts will be sent out and you would have time to check into it and it would make the would be domain theif wait it out and thieves don’t like waiting around.
And all this can be automated and done for pennies per transfer. The coding, programming, and sms all have costs but certainly would be less than accounts reps (sorry account reps don’t mean to take your jobs away) and who wouldn’t want to have a registrar where your client’s domains are guaranteed safe? Paypal and my bank have this added security, it’s about time the registrars do as well.