Worried someone takes over the registrar account and steals the domain
Domain account takeover almost always starts with mailbox compromise or phishing of the owner. The fix is layered: strong password plus FIDO2 MFA, registrar lock, recovery mail separate from primary work mail, and monitoring on transfer events.
Try this first
- 1Enable FIDO2/passkey or TOTP MFA on all registrar accounts. SMS MFA beats nothing, but SIM-swap remains a risk.
- 2The registrar recovery mail must be a dedicated mailbox, not your work info@ or a personal Gmail registered everywhere.
- 3Enable registrar lock (transfer-prohibited) and domain lock (update-prohibited). At most registrars that is one click.
- 4Turn on email notifications for every change: NS change, DS change, transfer-out request, contact change.
- 5Store the registrar password in a shared password-manager vault with audit log, not on one person. On their departure rotation is required.
When to bring us in
If you want end-to-end registrar hardening with monitoring and an incident runbook, we can do it in a short session.
See also
- Domain expires tomorrow and nobody saw the emailAn expired domain doesn't transfer instantly. There's a redemption window, but you pay extra.
- Unsure whether to enable auto-renewDisabling auto-renew only makes sense for domains you'll truly drop. For anything live, just keep it on.
- New registrar asks for auth code, can't find itEPP code or transfer code is the password to move a domain from registrar A to B.
None of the above fits?
Describe your situation below. We pass your input plus the steps you already saw to our AI and return tailored next-step advice. If it's too risky to DIY, we'll say so.
Or skip the DIY entirely
Our Managed IT clients do not look these things up. One point of contact, a fixed monthly price, resolved within working hours.