In Part I of this post, we described some of the ways we help keep your domains secure. But it's not just up to us; security is a joint effort between us and you, and there are many things you can do to minimize risk.
So, what can you do to protect your Gandi account?
Use your real name.
It is super important that the whois data be fully accurate and verifiable.
As much as we support your right to privacy on the internet, domain names are one area where it's really important to use your legal name. ICANN rules and relevant law are more or less clear on this: the registrant name is the domain owner.
Using a pseudonym or your initials as the registrant name might sound like a good way to hide your identity and thus protect your privacy and the security of your account, but it actually increases your risk. It's also a violation of our terms of service (pdf, see sections 4.1 and 12.2.1), by the way.
On a related note, be sure to keep your contact information up to date!
Deactivate password resets via email, or at least choose your security question wisely.
You have the option of allowing password resets via email. This feature is on by default, and, depending on how your account was created, a security question may not be present by default.
If you choose to leave this feature enabled, be sure to choose your security question and answer wisely. Remember that the answer to your question doesn't have to be the truth. Store it in your secure password manager.
Use a dedicated email address for your Gandi handle that isn't used for any other purpose, and guard it carefully.
Instead of a generic address like hostmaster@, use a separate, dedicated address that's not used for anything else. You can only associate one email address with your Gandi account, and it's important to choose it wisely. You have a couple of options:
- You can use a mailbox associated with a domain you control. (See the next section for an important caveat!) If you own, say, example.com, you could use email@example.com as your account email. It is imperative that you guard this domain carefully! If its MX records are compromised, things like password reset mails could be diverted. (For an IRL example of this tactic, see the theft of @N.) Also, make sure these mail servers are not susceptible to DDoS (this is what the attacker tried in FastMail's case).
- You can use an address from an email provider, such as Gmail (or FastMail!). Choose the provider wisely, and be sure to activate two-factor authentication there, too. If someone gains access to that mailbox, you could be in trouble.
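If you go with the first option, the thing to watch is the MX record set of the domain that receives your account mail. The following script is an added example (not Gandi's code) that compares a recorded baseline against a fresh `dig +short MX` lookup and reports inserted, removed, or re-prioritised records; the lookup text below is constructed, and `unexpected.example.net` is a placeholder for any host you did not put there.

```python
from __future__ import annotations
from typing import NamedTuple

class MX(NamedTuple):
    priority: int
    host: str

def parse_mx(dig_output: str) -> set[MX]:
    """Parse `dig +short MX` lines ("10 mail.example.com.") into a set of MX records."""
    records = set()
    for line in dig_output.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        prio, host = line.split(None, 1)
        # normalise case and the trailing dot so baseline and lookup compare cleanly
        records.add(MX(int(prio), host.strip().rstrip(".").lower()))
    return records

def mx_drift(baseline: set[MX], observed: set[MX]) -> dict[str, list[MX]]:
    """Report MX records that appeared, disappeared, or changed priority."""
    by_host_base = {r.host: r for r in baseline}
    by_host_obs = {r.host: r for r in observed}
    # a host on both sides with a different priority is a priority change, not an
    # add/remove pair; a new lowest number would be tried first by sending servers
    changed = [by_host_obs[h] for h in by_host_base.keys() & by_host_obs.keys()
               if by_host_base[h].priority != by_host_obs[h].priority]
    changed_hosts = {r.host for r in changed}
    return {
        "added": sorted(r for r in observed - baseline if r.host not in changed_hosts),
        "removed": sorted(r for r in baseline - observed if r.host not in changed_hosts),
        "priority_changed": sorted(changed),
    }

# constructed baseline, recorded when the account email was set up
BASELINE = parse_mx("10 mail.example.com.\n20 backup.example.com.\n")
# constructed "current" lookup: an unknown relay now sits ahead of the real MX
OBSERVED = parse_mx("5 unexpected.example.net.\n10 mail.example.com.\n20 backup.example.com.\n")

if __name__ == "__main__":
    print(mx_drift(BASELINE, OBSERVED))
```

Run it from cron against the live `dig` output and alert on any non-empty list; a lower-priority record you did not create is exactly the diversion the paragraph above warns about.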
Don't use an email address that is dependent on a domain owned by that handle.
For example, don't use firstname.lastname@example.com on the same handle that owns the domain example.com. Why? Because if your domain expires, you won't be able to reset your password. Because domains can be renewed from any handle, you can always create a new one just for that purpose, but that's a pain. And if your domain reaches the redemption period, restoring it doesn't recreate the mailbox, so you'll have to request a manual email change.
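A quick way to audit this across your handles, as an added example that is not Gandi's code: given a handle's account email and the domains it owns, flag every owned domain the mailbox depends on. It also catches mailboxes on subdomains (mail.example.com still dies with example.com) while not tripping on look-alikes such as notexample.com.

```python
from __future__ import annotations

def email_domain(address: str) -> str:
    """Return the lower-cased domain part of an email address."""
    local, sep, domain = address.rpartition("@")
    if not sep or not local or not domain:
        raise ValueError(f"not an email address: {address!r}")
    return domain.rstrip(".").lower()

def depends_on(domain: str, owned: str) -> bool:
    """True if `domain` is `owned` itself or any subdomain of it."""
    domain, owned = domain.lower().rstrip("."), owned.lower().rstrip(".")
    # the "." prefix is what keeps notexample.com from matching example.com
    return domain == owned or domain.endswith("." + owned)

def circular_dependencies(account_email: str, owned_domains: list[str]) -> list[str]:
    """Owned domains the account email's deliverability depends on; empty means OK."""
    dom = email_domain(account_email)
    return sorted(d.lower().rstrip(".") for d in owned_domains if depends_on(dom, d))

if __name__ == "__main__":
    # constructed handle: owns example.com and example.net, account mail on its own domain
    print(circular_dependencies("firstname.lastname@example.com", ["example.com", "example.net"]))
```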
Activate anti-spam so your real email address isn't visible in the whois.
One of the issues highlighted by FastMail was that in their case, the attacker subscribed their email address to a bunch of mailing lists so that they'd be more likely to miss our emails about the manual email change that had been requested.
This could have been avoided if they had anti-spam protection activated, which replaces your real email address in the whois with an obfuscated forwarding address. The attacker still would have been able to use the obfuscated whois address to list-bomb them, but a) it's easy to filter these, and b) regenerating the anti-spam address would have immediately stopped the flood. (Edit: To regenerate the anti-spam address, simply resubmit your handle contact info, with or without actually changing anything.)
Instead of sharing the login and TOTP seed with multiple people, use a different Gandi handle for the admin, tech, and/or billing contacts.
The admin contact can do anything the owner can, except change the owner. The technical contact can do most of the everyday tasks you probably need to do. If you must share access to a handle, use the technical or admin contact to do so instead of the owner.
Enable IP address restriction on your account.
This is an advanced feature that lets you specify the IP addresses and ranges that are permitted when logging in to your account. Be careful! If you make a mistake, you can end up locked out of your account and be back to having to prove your identity all over again.
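The lock-out risk is easy to check before you turn the feature on. Below is an added example, not Gandi's own implementation, that validates a candidate allowlist with the standard library's `ipaddress` module and refuses to call it safe if it is empty, contains a typo, matches everything, or does not include the address you are connecting from right now (the addresses are constructed documentation ranges).

```python
from __future__ import annotations
import ipaddress

def is_allowed(ip: str, nets) -> bool:
    """True if `ip` falls inside any network in `nets` (v4/v6 mismatches never match)."""
    addr = ipaddress.ip_address(ip)
    return any(addr in n for n in nets)

def check_before_enabling(entries: list[str], current_ip: str) -> list[str]:
    """Return the problems with a candidate allowlist; an empty list means safe to enable."""
    problems, nets = [], []
    for e in entries:
        try:
            # strict parsing: "203.0.113.7/24" (host bits set) is rejected as a likely typo
            nets.append(ipaddress.ip_network(e.strip()))
        except ValueError as exc:
            problems.append(f"bad entry {e!r}: {exc}")
    if not nets:
        problems.append("no valid entries: enabling would block every login")
        return problems
    for n in nets:
        if n.prefixlen == 0:
            problems.append(f"{n} matches every address and defeats the restriction")
    if not is_allowed(current_ip, nets):
        # this is the mistake the paragraph above warns about
        problems.append(f"current address {current_ip} is not in the list: you would be locked out")
    return problems

if __name__ == "__main__":
    # constructed: office range plus a home /128, checked from the office
    print(check_before_enabling(["203.0.113.0/24", "2001:db8::1/128"], "203.0.113.7"))
```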
Talk to a human.
If you're concerned about the security of your account, feel free to contact us. We can add a note to your account to be extra vigilant about any requests for changes.
Security in Layers
There is no one-size-fits-all approach to security. Not all levels of security are appropriate to all customers or for all situations. If you only have one domain and you log in once a year to renew it, it doesn't make sense to have IP restriction and 2FA on your account. If you have 300 domains and 6 servers, you probably ought to have both, plus any additional layers of security we decide to implement in the future.
There's a balance between security and convenience; choose what's appropriate and let the layers work in your favor.
Do you have anything to add? Let us know in the comments, or tweet us @gandibar.
- Gandi helps guard your privacy, July 2008
- 8 Things a Domain Thief Loves, February 2009
- Gandi fights back against domain abuse, January 2007
Special hat tip to FastMail for inspiring this post, and to their dedication to making the internet a more secure place for all.