Account security

At a glance

  • As standard your Online Services account is secured with a password of your choosing
  • Passphrase and Two Factor Authentication offer additional security levels
  • For the UK namespace, individual domains can also be given an additional level of security with Domain Lock

Migrating to TLS 1.1

From 3 November 2015, to access the Online Services website, your browser and operating system must support:

  • TLS 1.1 and/or TLS 1.2

The table below shows browser compatibility based on information from the browser providers.

BrowsersDefault support for TLS 1.1 and/ or 1.2Support available but not set as default – will require configuration changes to enable
Internet ExplorerFrom version 11versions 8-10
ChromeFrom version 22 
FirefoxFrom version 27versions 23-26
SafariFrom version 7 

Keeping your Online Services account secure

Nominet is committed to boosting the security of the UK namespace, helping to protect it from attack and exploitation. We want to help you keep your Online Services account secure from unauthorised intruders.

As standard your Online Services account is secured with a password of your choosing. See below for advice about choosing a secure password.

In addition to your password, we have two optional levels of security that you can apply to your Online Services account depending on your security requirements: passphrase and Two Factor Authentication (2FA).

Both a passphrase and 2FA can be added to your account free of charge.

You can view or change your current security settings in Online Services at any time by going to ‘Login Settings’ and selecting the relevant option.

Passphrase

A passphrase consists of 6-16 characters and is different to your password. Once you have set up a passphrase, you will be asked for 3 random characters from it every time you log into Online Services, in addition to your email and password. See here for advice about setting a secure passphrase.

If you forget your passphrase you will need to contact Customer Services. We will take you through security questions and once we have verified your identity we will delete your passphrase. You can then reset your passphrase when you re-access your Online Services account.

Two Factor Authentication

Two Factor Authentication (2FA) is a two-step verification process that provides an extra layer of security to users accessing Online Services. It is achieved by combining:

  1. Something you know (your login and password)
  2. Something you have (your smartphone or another device with which you can generate a unique passcode using a free third party app such as Google Authenticator)

2FA improves Online Services account security as an intruder would have to gain access to the device where it is installed, as well as acquiring knowledge of the password/passphrase. The service reduces the risk of DNS hijacking or confidential information being compromised, and is part of a series of initiatives to enhance the security of, and trust in, UK domains.

See our 2FA User Guide for detailed information on

  • How to use Two Factor Authentication in your organisation
  • Instructions for setting up 2FA, logging in and adding/deleting devices
  • FAQs, troubleshooting and glossary

2FA in brief

2FA is optional and available at no extra cost. It uses the Google Authenticator apps and plug-ins - which are freely available on all major platforms - to generate secure codes that will allow you access Online Services. You can install Google Authenticator on a smart phone, tablet, laptop or PC.

Once you have activated 2FA on your account you will be required to enter a 6 digit passcode every time you access Online Services, in addition to your email and password. If you previously had a passphrase set up you will not need to enter it if you are using 2FA.

How do I sign up to 2FA?

You can either follow the system prompts when you first login to Online Services or you can go to ‘Login settings’ and select ‘2FA - Add/manage devices’. The user guide explains the processes for signing up.

See here for further information on Nominet introducing 2FA.

Domain Lock

For the UK namespace, if you require additional security for an individual domain you can apply Domain Lock which allows domain names to be locked at the registry level. This is charged at £75 p.a. per domain. This means that no changes can be made to the Domain Name System (DNS) configuration unless unlocking is explicitly requested by a pre-authorised representative through an additional authentication process.

See here for more information on Domain Lock.

Setting a strong password or passphrase

It is important that you choose a secure password to protect your Online Services account:

  • It should contain a minimum of 8 characters.  The longer it is, the harder it is to crack
  • Do not use common passwords such as ‘password’, your date of birth, pet name etc.
  • Do not use a number sequence (1234) or repeated numbers (1111)
  • For additional security, consider adding uppercase letters, symbols and numbers
  • Use a different password for all your different accounts and never tell anyone else your password

If you use a passphrase to add security to your account you should also:

  • Ensure your passphrase is between 6-16 characters long – the longer it is, the harder it is to crack it
  • Use a phrase rather than a single word as this will be more difficult to crack
  • Use a memorable expression you will be able to recall. For example you might choose “I love green apples” which could be entered as “ilovegreenapples”
  • To make this even more secure you could change some of the letters to numbers and use a combination of upper and lower case characters: “iL0v3Gr33nAppl3s” 

Help

If you forget your Password or Passphrase or have any difficulties logging into your Online Services account you should contact Customer Services.