Adding Multi Factor Authentication support

In addition to the recent introduction of adding API keys, now we are adding Multi-Factor Authentication support. Multifactor authentication (MFA) is a security system that requires more than one method of authentication from independent categories of credentials to verify the user’s identity for a login or other transaction.

Multifactor authentication combines two or more independent credentials: what the user knows (password), what the user has (security token) and what the user is (biometric verification).

We will support the following methods for MFA:

  • Webauthn (FIDO2) supporting Touch or Pin and Touch sensor like Yubikey with secure elements, Software authenticators and also Biometric authentication like Finger, Face, Iris/ Voice recognition.
  • TOTP (Google authenticator)

We offer multiple methods to add an additional layer of security for your account. Read more how to add MFA to your account via our Knowledgebase: How to enable MFA on your account.

.SE & .NU removing forms requirement on transfers and registrant changes.

Last year in the new Registry-Registrar agreement the Swedish registry has made “everyday life easier” by lifting the required transfer form that needed to be filled in when transferring a domain / changing a registrant.

Due to this from February 3rd onward no more manual work is needed with a .SE/NU transfer and every change will have a digital timestamp. The implications and changes in behavior compared to the current situation that you may be used to are:

  •  Domain update with registrant change is not charged anymore.
  • No more registrant change form/mail.
  • External & internal transfers will no longer keep the registrant-as-is when a registrant change takes place during transfer, which may impact those of you using the current behavior.
  • Our generic registrant validation process will take place (and no longer be skipped) for transfers and registrant changes.

GDPR and SSL

Due to the recent developments regarding the public WHOIS and GDPR, limiting the output of WHOIS Servers it has become somewhat more difficult to order an SSL certificate, as email address validation might in some cases no longer be an option due to such restrictions imposed by the GDPR.

Email Validation for DV (domain validated) SSL certificates can only be approved via the default mail addresses known as:

  • admin@example.com
  • administrator@example.com
  • hostmaster@example.com
  • postmaster@example.com
  • webmaster@example.com

For more information regarding the GDPR and the changes to the WHOIS output can be found:

The ICANN WHOIS system is gone, the process for a GDPR compliant WHOIS has started!

However, there are alternatives that are more in the spirit of Art 25 of the GDPR and do not require the processing of possible personal data through a public WHOIS.

These alternatives are:

  • HTTP(s) validation, also known as File based validation.
  • DNS validation.

Below a screenshot with more information how to validate HTTP(s) or via DNS validation for DV SSL certificates via Realtime Register. Navigate to “SSL certificates” on the left tab. Select “Positive SSL” or the “Positive SSL Wildcard” and click on next.

On the next page, you can provide the CSR and for which server software it concerns.

After filling in the CSR and selecting the server software, you can continue to the next page:

Where you can provide the period, contact-handle, validation method or dcvEmailAddress. For the validation method there is the possibility to choose between:

  • E-mail based verification
  • DNS based verification
  • HTTP(S) based validation (file based validation)

For doing the validation via DNS or File-based validation there is a complete documentation and how-to via https://support.comodo.com/index.php?/Knowledgebase/Article/View/791/0/alternative-methods-of-domain-control-validation-dcv