Two-factor authentication to be required for all .UK and gTLD registrars
Nominet is committed to ensuring the .UK domain and gTLDs it operates are secure and trusted. Following the successful launch of optional two-factor authentication (2FA) for registrars accessing Online Services, in 2014, 2FA will be mandatory for all registrars from 9 May 2017. Other systems and services such as EPP and DAC are not affected.
2FA improves security as an intruder would need to have access to the device where it is installed, as well as know the account password. This increased security will help reduce the risk of DNS hijacking or confidential information being compromised.
2FA is free and Nominet has used RFC 6238 for implementing 2FA which is based on time based passcodes. The Google Authenticator and Authy apps are widely used and are recommended by Nominet.
Further information on account security for registrars and how to set up 2FA is available here.