With recent news about an external account intrusion on another registrar that was facilitated through a social engineering attempt, we at Namecheap want to educate our customers about our security policies.
First and foremost, we encourage all of our customers to use two factor authentication on their accounts. This means that if you want access to your account, you will get it only by using a password and by using a code that is sent to your phone. You will not gain access to your account through a password only; the numeric code that goes to your phone is an added layer of security. (Currently, we only accept SMS authentication but Google Authenticator, Authy, and TOTP authentication are planned.)
If you are at all familiar with social engineering tactics, this is done by speaking to a single support representative who is essentially tricked into believing you are a legitimate account holder of an account you are trying to seize control over. At Namecheap, security is of utmost importance to us, that is why all our security and support staff are well trained and well versed in these types of tactics to prevent and control these situations from happening. We also have a number of strict control, policies, and checklists that they must abide by.
We have gained our reputation of being an extremely secure registrar and web hosting company, and will continue to meet our customers’ expectations of ensuring that your account is never inadvertently or maliciously transferred to someone else at any time.
We know we’ve earned it, but we’ll say it again: we appreciate your trust in our business.