Nominet is boosting the security of the UK namespace to help protect it from attack and exploitation. As part of this, we’ll be offering two-factor authentication access to our Online Services (OS) to registrars later on this year. Two-factor authentication is a two-step verification process and provides an extra layer of security to users accessing online systems.
We are running a limited pilot in September and we will be inviting a small number of registrars to take part. For the pilot, we are selecting those who have approached us about this service in the past, in particular the brand protection sector, and those who log into our OS most frequently.
Two-factor authentication improves security as an intruder would have to gain access to the device where it is installed, as well as acquiring knowledge of the password/passphrase. This new service will reduce the risk of DNS hijacking or confidential information being compromised.
Two-factor authentication will be free and optional for registrars. It uses the Google Authenticator app and plug-in, which are freely available on all major platforms. The current password and optional passphrase system will remain in place and registrars may still choose to use it as an appropriate security measure.
This new service complements the existing Domain Lock service which is aimed at individual domains requiring a high level of protection. It is part of a suite of initiatives in our work to extend our existing products and services and enhance the security of, and trust in, UK domains.
Following a successful pilot, two-factor authentication will be offered to all registrars wishing to use it later on this year. The new security feature will have a phased rollout, with registrants being offered this service at a later date.