

Godaddy now requires you to change your password every 6 months - vaksel
http://www.godaddy.com/gdshop/legal_agreements/show_doc.asp?prog_id=GoDaddy&pageid=UTOS&isc=gdbb1345#section4

======
Brushfire
Ugh. This combined with their forced 60-day lockin after contact change is
pretty bad.

I'm so glad I switched all my domains away from godaddy 6 months ago to
Dynadot. They've been awesome, their interface isnt cluttered to hell, and the
people respond to emails quickly.

------
ratsbane
I'm not happy with Godaddy too. I've got some names with them, some with Enom,
and one through Google (as a reseller for Enom.) I'm happy with Enom except
it's more expensive ($30/year). Google registration is $10/year and has an
easy UI; I may switch to them from Godaddy.

Forcing periodic password changes is a terrible solution. Most people just
increment a counter each time: mysecretpassword123 -> mysecretpassword124. I'd
much prefer to instead give users access to a log of all of their activity.

~~~
josefresco
Isn't Enom one of those scummy registrars who sends those fake invoice
mailings trying to lure domain owners away?

I've had some bad experiences with Enom over the years to say the least.

------
vaksel
This is stupid as hell, if someone steals your password they'll go and exploit
it right away. They won't wait a few months or even days.

~~~
josefresco
I think this is less about hackers and more about forcing people to be more
responsible with their record keeping.

I deal with business owners daily who have no idea who their domain is with,
let alone their username or password. At least this will force them to touch
their domain at least once/year.

~~~
jasonkester
Not quite. It will force them to go through the password recovery process
every time they want to access their account.

Security policies like this make things worse, not better. The only way most
people know to remember a password that changes regularly is to email it to
themselves or post-it it to their monitor.

------
iigs
Perhaps they could take this to the logical conclusion and just require you to
go through the Recover Password steps to access your web page.

I know on every site I have to do this with I end up forgetting the password
(somehow they seem to be coupled with strange character count and type
requirements), and I have to rescue my password anyway. Might as well just
have a login page that says "enter your email address and click 'send' to log
in" and then have it send the cookie to you you continue with.

Site security can not be stronger than the weakest attack vector. Now that the
login vector is so difficult they might as well remove it and just use the
"Change Password" vector as the only way in.

~~~
bemmu
I know you were joking, but that's kind of an interesting idea, using e-mail
as a login solution. To log in to Hacker News for example, you would type your
e-mail address on HN and in response get an email with your session link in
it. With a good enough e-mail reader it might not be as painful as it sounds,
and it would eliminate passwords and there would be no difference between
registering for a site and logging in to a site.

~~~
cstejerean
It would be annoying for some sites because sometimes email can take a while,
but for things you don't use often this kind of solution would work well and
don't mind waiting a bit to log in this could work well.

------
tmchow
While password hygiene is good, forcing you to change every 6 months is
ridiculous.

As others have mentioned, I've always hated the complicated forced 60-day
lock-in with GoDaddy. I"ve tried to avoid them like the plague and use
BlueHost.com instead. Zero hassle, great customer service (and no, I'm not
affiliated with either in any way)

~~~
mjacob
The 60-day thing is an ICANN policy, so you can't really blame GoDaddy for
that. You can, however, blame them for their awful UI and constant upselling
during checkout.

I moved my domains over to NameCheap. They seem kind of amateurish at times,
but they get the job done, and I haven't seen any major horror stories about
them. I was using Dynadot for a while, but the recent 3-day downtime with no
status updates rubbed me the wrong way.

~~~
greyboy
Sorry, that is incorrect in this specific case (the 60-day policy). ICANN only
mentions that a domain can be blocked under certain conditions (according to
ICANN policy):

* Evidence of fraud * Uniform Domain-Name Dispute Resolution Policy (UDRP) action * Court order * Reasonable dispute over the identity of the person authorizing the transfer * Domain name is on hold due to payment owed for a previous registration period * Express written objection from the domain name holder * Domain name is in 'Lock' status (Registrars must provide a readily accessible and reasonable means for name holders to remove the lock status. Contact your registrar for assistance.) * Domain name is within 60 days of initial registration * Domain name is within 60 days of a previous transfer

It is _GoDaddy's_ amendment to those points that adds the 60 day wait on
registrant information changes. From ICANN:

2\. A registrant change to Whois information is not a valid reason to deny a
transfer request.

[http://www.icann.org/en/announcements/proposed-
advisory-19se...](http://www.icann.org/en/announcements/proposed-
advisory-19sep07.htm)

The problem is GoDaddy forced users to click the link that they have to abide
by the 60-day policy in order to update their contact information, which they
claim falls under the point:

* Express written objection from the domain name holder

which is obviously a stretch under the most lenient arguments.

------
zacharypinter
I've been happy with name.com so far. They have decent prices and a clean
interface. Before name.com, I had domains registered through Dreamhost and
Godaddy. Dreamhost, however, doesn't offer many of the top level domains.
Godaddy was a horrible interface that tried to one-up you and market to you at
every painstaking step.

My only wish at this point is that name.com had an API like Enom.

------
natch
Which services have the fastest domain name registration, in terms of the user
experience?

I'm NOT asking about how long the record takes to become active and propagate.
Just the UI.

------
samueladam
I use bookmyname, here are the fees and services:

<http://www.bookmyname.com/offres.cgi?wl=en>

------
jbyers
I've been moving our domains over to Gandi one by one. Just too much baggage
and potential downside with GoDaddy, as has been reported on HN now dozens of
times.

------
bitglory
Is there a good alternative for GoDaddy for registering domains? I've been
sick of them for a while now but this is the straw...

~~~
streety
I moved my handful of domains from godaddy to namecheap perhaps a year ago.
I've had no problems, so couldn't comment on their support, but I've been
happy.

~~~
ConradHex
Namecheap has been great for me, too. I recommend them.

