5

I have all of my domains locked, so that they cannot be transferred without first unlocking. However, I can't think of any scenario where this lock increases security.

In order to transfer, one must obtain an authorization code. To do this, you have to log into the domain account. If someone can log in to get this auth code, they can also log in to remove the domain lock. And the unlock is instantaneous, so it doesn't delay the transfer ability of a hacked login.

When did this lock become standard with registrars, and why does it exist? Is there some way a person could obtain a transfer code without logging in?

  • 1
    "Is there some way a person could obtain a transfer code without logging in?" - It depends on the registrar. – Vilican Sep 29 '15 at 16:47

1 Answer

1

Domain locking is meant to reduce domain hijacking. That said, it is not clear that all implementations provide protection, especially since many domain hijacking attacks occur via social engineering targeted at the support personnel of registrars.

Neil Smithline