Ugh. This combined with their forced 60-day lockin after contact change is pretty bad.
I'm so glad I switched all my domains away from godaddy 6 months ago to Dynadot. They've been awesome, their interface isnt cluttered to hell, and the people respond to emails quickly.
I think this is less about hackers and more about forcing people to be more responsible with their record keeping.
I deal with business owners daily who have no idea who their domain is with, let alone their username or password. At least this will force them to touch their domain at least once/year.
Not quite. It will force them to go through the password recovery process every time they want to access their account.
Security policies like this make things worse, not better. The only way most people know to remember a password that changes regularly is to email it to themselves or post-it it to their monitor.
I'm not happy with Godaddy too. I've got some names with them, some with Enom, and one through Google (as a reseller for Enom.) I'm happy with Enom except it's more expensive ($30/year). Google registration is $10/year and has an easy UI; I may switch to them from Godaddy.
Forcing periodic password changes is a terrible solution. Most people just increment a counter each time: mysecretpassword123 -> mysecretpassword124. I'd much prefer to instead give users access to a log of all of their activity.
Perhaps they could take this to the logical conclusion and just require you to go through the Recover Password steps to access your web page.
I know on every site I have to do this with I end up forgetting the password (somehow they seem to be coupled with strange character count and type requirements), and I have to rescue my password anyway. Might as well just have a login page that says "enter your email address and click 'send' to log in" and then have it send the cookie to you you continue with.
Site security can not be stronger than the weakest attack vector. Now that the login vector is so difficult they might as well remove it and just use the "Change Password" vector as the only way in.
I know you were joking, but that's kind of an interesting idea, using e-mail as a login solution. To log in to Hacker News for example, you would type your e-mail address on HN and in response get an email with your session link in it. With a good enough e-mail reader it might not be as painful as it sounds, and it would eliminate passwords and there would be no difference between registering for a site and logging in to a site.
It would be annoying for some sites because sometimes email can take a while, but for things you don't use often this kind of solution would work well and don't mind waiting a bit to log in this could work well.
I've been moving our domains over to Gandi one by one. Just too much baggage and potential downside with GoDaddy, as has been reported on HN now dozens of times.
While password hygiene is good, forcing you to change every 6 months is ridiculous.
As others have mentioned, I've always hated the complicated forced 60-day lock-in with GoDaddy. I"ve tried to avoid them like the plague and use BlueHost.com instead. Zero hassle, great customer service (and no, I'm not affiliated with either in any way)
The 60-day thing is an ICANN policy, so you can't really blame GoDaddy for that. You can, however, blame them for their awful UI and constant upselling during checkout.
I moved my domains over to NameCheap. They seem kind of amateurish at times, but they get the job done, and I haven't seen any major horror stories about them. I was using Dynadot for a while, but the recent 3-day downtime with no status updates rubbed me the wrong way.
Sorry, that is incorrect in this specific case (the 60-day policy). ICANN only mentions that a domain can be blocked under certain conditions (according to ICANN policy):
* Evidence of fraud
* Uniform Domain-Name Dispute Resolution Policy (UDRP) action
* Court order
* Reasonable dispute over the identity of the person authorizing the transfer
* Domain name is on hold due to payment owed for a previous registration period
* Express written objection from the domain name holder
* Domain name is in 'Lock' status (Registrars must provide
a readily accessible and reasonable means for name holders to remove the lock status. Contact your registrar for assistance.)
* Domain name is within 60 days of initial registration
* Domain name is within 60 days of a previous transfer
It is _GoDaddy's_ amendment to those points that adds the 60 day wait on registrant information changes. From ICANN:
2. A registrant change to Whois information is not a valid reason to deny a transfer request.
The problem is GoDaddy forced users to click the link that they have to abide by the 60-day policy in order to update their contact information, which they claim falls under the point:
* Express written objection from the domain name holder
which is obviously a stretch under the most lenient arguments.
I still roll with GoDaddy (despite checkout hell) as I'd rather deal with a massive, faceless corporation then some rinky dink operation that may some day implode.
I've been happy with name.com so far. They have decent prices and a clean interface. Before name.com, I had domains registered through Dreamhost and Godaddy. Dreamhost, however, doesn't offer many of the top level domains. Godaddy was a horrible interface that tried to one-up you and market to you at every painstaking step.
My only wish at this point is that name.com had an API like Enom.
I moved my handful of domains from godaddy to namecheap perhaps a year ago. I've had no problems, so couldn't comment on their support, but I've been happy.
I've found ovh.com to be pretty good, but they've only got localised sites for some European countries (look for the flags at the bottom of the page), so they wouldn't be much help in the US. I've had good experiences with gandi.com, but they aren't the cheapest (anymore.)
Dreamhost is only good as a registrar if you have hosting. If you don't have hosting there and don't plan on it, don't touch them.
I registered a domain with them yesterday - but have separate hosting, so don't need to buy more of it from them. I'm unable to do anything beyond change DNS servers (no custom mx records, for example).
When I contact their support about something, it usually gets a prompt (within 10 minutes) response. But when it deals ith deleting domains, they take forever to respond. And they refuse to let you delete/cancel a domain. Even though ICANN's policy lets you do so for 5 days with the grace period. Since the ICANN still hasn't changed the policy AFAIK.
There are a bunch of good alternatives, apparently. A lot of people point you towards 'Nodaddy.com' when you get sick of godaddy. It has a bunch of horror stories and list of alternatives. Check it out for a big list of alternatives and reviews.
I switched to Dynadot and havent had a bad experience. Their interface is simple, quick, and clean. The pricing makes sense, and their people are friendly and helpful. YMMV.
