zlacker

1. andrey+(OP) 2018-09-27 21:55:29
Security-wise, are you on par with MarkMonitor?
replies(2): >>zackbl+z1 >>WordSk+351
2. zackbl+z1 2018-09-27 22:08:03
>>andrey+(OP)
Our Custom Domain Protection is even more secure than MarkMonitor, but the overhead of doing that also makes it almost as expensive. Our at-cost standard domain service includes as much security as we can build into it without a large human component being required (2FA, etc.).
replies(1): >>r1ch+57
3. r1ch+57 2018-09-27 22:51:16
>>zackbl+z1
I've been trying to find a registrar with more-than-normal security without much luck. I want a registrar that will stand up to a sophisticated social engineering attack using leaked documents and personal information etc. The big names like MarkMonitor start at like $50k; mid-range ones like CSC leave me with an uneasy feeling given they do so many things with a clunky web UI and over email. I don't really even know any other options in this space.

One option that could scale well with the standard service is allowing customers to upload photo ID / business registration etc. and locking down the account so that customer support can never touch anything. Should the customer lose their password / 2FA etc., then they would need to physically go to an office location for ID verification (and a $xxx inconvenience fee). I've had some limited success implementing this system with conventional registrars but I would be more comfortable if it were an actual product offering.

4. WordSk+351 2018-09-28 13:49:02
>>andrey+(OP)
MarkMonitor supports U2F, Cloudflare does not.

U2F allows you to secure your account with hardware tokens, such as YubiKeys.

Cloudflare does support "soft 2FA", which is two-factor authentication using apps, which is good, but could be vulnerable if a remote hacker gets hold of your 2FA secret by, for instance, compromising your password manager.

If you are keeping it only in the app but lose or break your phone, you will have to go through a verification process to regain access to your account. This process is, itself, a huge target for hackers.

For protecting domains that are important to your business - and, indeed, protecting your Cloudflare settings - nothing beats having two hardware tokens associated with your account, each located in a separate, secure location. They are inexpensive, do not need to be recharged, are almost impossible to break, are easily hidden and, if you lose one, you can use the other until your replacement arrives.
