Today, I started the procedure to change my domain registrar. My final choice was to move it to OVH, a well-known French registrar.
Once the procedure started, I received my credentials, all the welcome messages and the whole pack of information. I immediately logged in my manager to track the status of my requests. Of course, the manager runs over HTTPS.
First, the welcome page present some simple security tips to prevent phishing attacks:
 |
Once logged in, a notification is immediately sent to all registered e-mail addresses to notify me that a connection was made on the manager with my credentials:
Madame, Monsieur, Nous vous envoyons cet email à la suite d'une connexion réussie à votre interface client. Identifiant client : xxxxxxxx Ip de connexion : xxx.xxx.xxx.xxx Heure de connexion : xxxx-xx-xx xx:xx:xx Cet email est destiné à vous sensibiliser à la sécurité des services que vous avez chez OVH et à mieux les protéger. Pour modifier les réglages de ces alertes, rendez-vous dans votre manager. Pour tout savoir sur l'utilisation de l'identifiant client chez Ovh: http://guides.ovh.com/NicHandle/ Nous vous remercions pour la confiance que vous accordez à OVH et restons à votre disposition. Cordialement,
Resumed in English, it says: to increase the security of their services, they jut warned my about a connection made with my credential (with source IP and timestamp).
Even if this is not a bullet-proof solution, I find those initiatives very interesting to keep customers aware of security!