The first post in this series will be dedicated to describing the things we do at Gandi to help keep your domains secure.
What can we can do to protect your Gandi account?Our job is to have processes in place that balance the needs of customers (who are human, and sometimes forget things) with the need to make successful attacks more difficult. At the same time, we don't want to have a scripted system with procedures for everything, or our system will become too hard to use.
We have to have multiple layers to our security. We also have to treat it as a process, with constant improvement based on current threats. Usernames and passwords have their weaknesses, sure, but we can provide additional measures such as two-factor authentication and IP address restriction.
We do offer these features.
We also have to effectively screen out fraudulent requests to access accounts. We get a ton of these, and have a robust way of dealing with them, but (in the sense that security is the inverse of convenience), they involve some requirements for documentation and paperwork, confirmation by you, and ultimately having you prove to a very high level of certainty that you are who you say you are.
Yes, we know that can be a little annoying. But not as annoying as losing your domains.
We have to listen to you. When your accounts are attacked (and they are, every day) it tests our people, processes, and systems. We are constantly reviewing these, and your comments and suggestions help to point to weak points, improvements, and even (in the worst case) actual vulnerabilities. We like to think these are rare, but we need to look at every attack and ask ourselves how it could have succeeded, and how we can stop that from happening.
The FastMail incidentTime for a little story. We have a big customer (Fastmail.fm), who takes security very seriously, and implemented two-factor authentication on their account. Not long after, a determined, targeted effort was made to steal the account. The attacker(s) tried to change the email address and password via the manual email change process, using forged documents and diversionary tactics. They did not succeed. Even if they had, they would not have gotten to the two-factor authentication, but nonetheless it really tested our processes, and Fastmail staff were quick to let us know where we could improve them. (They also wrote a blog post about the experience.)
No one can think of every possible scenario, and while the account was not compromised, we definitely learned a thing or two about how to avoid the pitfalls. Next time the would-be attacker will have an even harder job. That's the value of listening.
Check out Part II of this post: Security tips for protecting your Gandi account