1. 27

  2. 3

    The ordinary domain owners amongst us would probably like a registrar that used real 2FA (i.e. no SMS tokens masquerading as 2FA) and had a phone tree that couldn’t be trivially socially engineered.

    Anyone have any recommendations?

    1. 3

      I use NameSilo. They have 2FA (with TOTP) and an additional Domain Defender option that notifies you of changes.

      1. 1

        NameSilo certainly makes it very difficult to transfer a domain out to another registrar.

        If you use their domain privacy service you’ll never get the emails of the other registrar, they only allow you to cancel the outgoing transfer and not to expedite it, and finally once you pass all the hurdles the actual transfer takes 7-8 days instead of the standard 5.

        I was with them for all of my domains, but after that recent transfer experience I’ll move everything elsewhere, regardless of how painful they try to make it.

      2. 3

        Hover has TOTP.

        1. 1

          I use Hover. I switched to them about a year or so ago, specifically because they had TOPT/2FA, and my previous registrar did not. Hover is pretty ok so far.

        2. 1

          I’ve been using NameCheap for a while for all of my domain names, and they just started using a custom phone app to do their 2FA instead of only SMS. Never tried to check the security of their phone tree though.

        3. 1

          Is it just me or ‘mission-critical’ just sounds like pretentious corporate speak?

          Same with corporate ‘mission statement’. Yeah your mission is to make money there’s no need to act like you are here to herald the coming of a global revolution.