easyDNS provides multiple methods to protect your user account and all its contents.
These methods currently include:
- Access Recovery and Support (either 3 security answers or ESM [Enhanced Security Mode])
- 2-Factor Authentication
- Device Fingerprint (tied in with 2FA)
- Access Control List
- Failed Login Attempts
- Country-Based Login Restrictions
- Activity Notifications
To access the security settings, please do the following:
1. Log into your easyDNS account.
2. Click on SECURITY.
You should now see the following listed:
Access Recovery and Support
This feature allows you to customize your account security by either using our standard ‘Secret Questions and Answers’ or our ‘Enhanced Security Mode.
Please note that under the ‘Enhanced Security Mode’ the 12 words are randomly picked for you. Before continuing, you must print or save them and keep them in a safe place because you will require them to get access to your account should you ever lose your password. Make sure you preserve the order in which the words are listed.
The phone access code, combined with another piece of information (such as a domain name or your user name), will permit easyDNS to confirm some of the account holder information.
2-Factor Authentication
This feature requires that the user log in twice with the second login being an ‘authentication token’ that gets delivered to you either via Google Authenticator, SMS, or email. This is especially useful for users who like to use traditionally weak passwords.
You can get Google Authenticator for Android HERE.
You can get Google Authenticator for iOS HERE.
Please note that if you get locked out of your easyDNS account due to the 2nd Factor being lost, compromised, or unavailable, then the only way to get access is by contacting our support staff and providing the answers to your security questions.
Device Fingerprint
When you try to log in to your account without having two-factor authentication (2FA) enabled, the system first checks your login device’s fingerprint. This fingerprint includes information about your device’s location and browser details.
Location Check: The system verifies your login location. If it’s significantly different from your usual login locations or in a suspicious or unfamiliar location, it raises a flag.
Browser Details Check: The system also examines details about the browser you’re using to log in. This includes information like the type of browser, version, and any plugins or extensions installed. If there are inconsistencies or unusual patterns detected, it raises another flag.
If either the location or browser details raise suspicion, the system won’t immediately grant access to your account. Instead, it initiates an additional security step:
Email Verification Code: The system sends a unique verification code to the email address associated with your account. This code serves as an extra layer of security to ensure that it’s you trying to log in.
Once you receive the verification code in your email, you’ll need to enter it on the login page to proceed. This step confirms your identity and grants you access to your account.
By combining location and browser details with email verification, this login device fingerprint check helps protect your account from unauthorized access, especially when 2FA isn’t enabled. It adds an extra barrier for potential hackers trying to breach your account’s security.
Access Control List
It is possible to limit logins to your easyDNS account so that logins will only be accepted from network locations specified by you. This vastly improves security in the case where your account username and password are compromised, a third party may not be able to log into your account and assume control of your domains if you have an Access Control List specified limiting logins.
Improperly formed Access Control Lists can result in locking yourself out of your easyDNS account. You should always test your ACLs using the TEST WITH CURRENT IP ADDRESS utility before committing them. If you are not sure how to proceed or do not fully understand the scope of this tutorial, you should contact support before enabling an ACL.
Remember, ACLs do not replace other security considerations, they enhance them. It is still your responsibility to secure your username and password as well as to select secure answers to your secret questions.
Failed Login Attempts
If you suspect any sort of unauthorized login attempts, you can get further information by checking out this section.
Country-Based Login Restrictions
Login restrictions provide an additional layer of security for users by limiting which countries (as reported by GeoIP) a login request can originate from. Login restrictions will prevent access from any country not provided in the list below. This follows the filtering already available in your account’s ACL restrictions.
Geolocation is the identification of the real-world geographic location of an Internet-connected device (computer, phone, etc.). IP address geolocation data can include information such as country, region, latitude, longitude, and a variety of other data. easyDNS uses this technology to determine the originating country of the IP address attempting to log into the account and restrict access based on your configuration.
For a complete list of country codes you may restrict access to, please visit the IANA Root Zone Database HERE.
Activity Notifications
This section allows for notification customization. You can get notified if:
- Someone makes a successful login
- Too many attempts to log in (unsuccessfully)
- A domain within your account gets unlocked for transfer
- Updates are made to the ownership information of a domain name
- The nameserver for a domain is changed to another provider
- Any updates to the DNS settings of a domain are made
This section also allows you to choose between email or SMS as the delivery method of the notification(s).
Account Password
The password can only contain upper and lower case Latin unaccented alphabet letters, numbers, and the following special characters: – _ ! @ # $ % ^ & *
Passwords have a limited range of 8 to 128 characters.
Account Username
The username can only contain lowercase, unaccented letters, numbers, periods, underscores, and the “@” sign. Usernames cannot be modified once created.