How to respond to a user's query: a fantastic example by Hover
A popular story on the Internet today was the tale of how lax security procedures by PayPal and GoDaddy cost someone their very exclusive Twitter account name (@n):
The story exposes how it might not always matter if you use ultra-secure passwords, because sometimes the weak point in any system is the human element. After reading this worrying account, I was moved to contact my own domain registrar (Hover) to find out if the same thing could happen to users of their service.
This is what I wrote:
Hi,
I’m sure you have heard the story today about the Twitter user (@n) who had his name hijacked, partly through weak security by GoDaddy.
As someone who also relies on a personal email address tied to my domain name (managed by you), this made me wonder about how likely this risk was with other domain registrars. Can you vouch for the security of your system, and that your phone support staff wouldn’t accidentally divulge important information to someone posing as myself?
Keep up the good work,
K
I wasn't necessarily expecting a reply, let alone a speedy reply, so I was impressed to receive the following response within the hour:
Hey K,
It has been our policy that the phone staff does not give out personal information listed on a Hover account. We also will not make any updates to that account without direct consent after confirming the identity of the person making the request.
We're aware of the story that came out today, and although two-factor authentication has been in development (along with many other new features), its priority has certainly been escalated. I have linked an article below that we posted a few hours ago on our blog to address any concerns that people may have about account security at Hover in light of this incident.
http://www.hover.com/blog/hovers-security-best-practices/
If you have any further questions, please feel free to contact me again or you can post them in the comments section of that post as well if you'd like.
Kind regards, Michael
What a great response. I'd recommend reading their blog post for more information. Also, I would generally recommend Hover to anyone looking to register a domain name (and not just because they have a great sale on at the moment). They make it fast and easy to get a domain name, and they don't pester you with emails. If you were thinking of using them, please consider using this referral link which would credit me with a couple of bucks.