Three Factor Authentication Provided by DynaDot

Domains getting stolen is not new. Like every valuable object in the world, premium domains are susceptible to being taken. What differs is the mechanism by which these are stolen compared to physical objects. Usually, it’s one of these methods:

  • Phishing attacks: These manifest when users are tricked into clicking on links that mimic the real URL and site and the user is led to believe that they are on a legitimate site. Once the user enters the credentials on these illegal/fake sites, the password is stolen.
  • Simple/Obvious passwords: Having simple or obvious passwords is the biggest reason why passwords are a weak form of security. There are various reasons for users having weak passwords, but its a reality that we live in today.
  • Social Engineering: In this form of attack, the attacker tries to impersonate a user (when interacting with a registrar) or impersonate a registrar (when interacting with a user) and somehow gain access to to the domain(s). Social engineering predates the internet and can be as old as any trick.

There may be other forms of attacks in the wild as well, but the ones as mentioned above are the most common ones. In the past few years, as stolen domains are becoming a big issue and registrants wanting some more security, the registrars started offering two-factor authentication. With two-factor authentication, in addition to a password, some other form of authentication is used. Most commonly, the second form of authentication is something that the user possesses exclusively with him/her. These days, the second form of authentication involves a code that expires in a short span of time and is SMSed(texted) to the registrant after with authenticating with a correct password. So, the user enters the SMSed code to gain access to their account. This is another layer of security in case the password is compromised.

In my opinion, this a big step up by registrars to provide extra service to its customers. But, keep in mind that two-factor authentication is NOT a silver bullet against names being stolen, it just makes stealing harder. For example, it is possible that an attacker can social engineer the telecom company to transfer the SIM card to them (attacker). See these two links about how SIM cards can be compromised: Link1 and Link2. When this happens, the attacker can receive SMSs from the registrar for authentication and along with the compromised password, gain access to a user’s domains. DynaDot, a registrar, have recently come out with a different approach to preventing domains from getting stolen. Instead of using SMSs for authentication, DynaDot uses Google Authenticator  to authenticate user along with username and passwords. Google Authenticator is an APP that generates a time-based (60 seconds)one-time password and can be used to log in. However, even after the user logs in, the account is still secure, as the transferring domains out or getting EPP code requires unlocking the account again. The unlocking of the account requires:

  1. Month and date of birth
  2. The token code from Google Authenticator
  3. A token code from SMS

As you can observe from the above, getting all the three above could be challenging. Another reminder that these are extra layers of security which decrease the chances of domains being stolen, but not 100% secure. Also, note with DynaDot, after an account is unlocked after correctly entering the above three pieces of information, the account gets locked automatically after 60 minutes.

In the future, I expect that that biometrics being ubiquitous and would be used to secure domains.

Disclaimer: This is NOT a paid post.

If You Are a .in Domainer , Why Should You Blog ?

This blog had its first post in 2011, and now it is 2016 and I have managed to score about 30 posts before this one. I admit to some extended pauses in blogging, but the good news is that my most recent attempt at resuming blogging has me posting about 25 blogs so far. What I’ve realized about blogging is that it’s hard to be disciplined enough to blog on a regular basis. There are other factors influencing this as well:

  • What do I blog about? This is the hardest part when it comes to blogging, especially regarding the .IN domain space, which is a ccTLD. There simply isn’t much happening in such a short time span; so thinking up a topic to write about takes a lot of creativity.
  • How large is the audience? When I first started blogging there were not a lot of .IN domainers out there, so the largest audience I would possibly reach was about 10 to 20 enthusiastic followers of my niche extension. It has since improved so the audience size has grown substantially, which makes getting feedback and encouragement a lot easier.

There are a few other factors, like setting up the blog, getting a reliable host, beautiful templates, the appropriate plugins, etc., but now that it’s 2016 these are no longer issues. If I’m missing something, please let me know.

Now that I’ve discussed the hindrances of blogging in the .IN domain space, what are some of the positives?

The most important factor is that you can spread awareness about the extension. This is vital if you have invested in .IN domains. The Indian registry, which didn’t promote .IN until a few months ago, has now started doing social media campaigns, although this isn’t enough. As responsible .IN domainers, we can control our own destiny blogging on a regular basis to give .IN ccTLDs more name and brand recognition among the other extensions.

Other benefits:

  1. Earn money blogging: The easiest way to earn money by blogging is to put up ads.
  2. Improve writing skills: Not everyone is a good writer, so writing blogs helps us think more clearly so that we can enhance our written communication skills, which will serve us well when working at a job.
  3. Make friends in the industry: The domaining industry is still quite small, so it is possible to know a lot of them. Blogging can help you make more friends and/or acquaintances.

Please do not think of me as being patronizing in this post. I’m just trying to encourage more .IN domainers to start blogging. I would also appreciate it if you would leave feedback as to what you think and any suggestions as to how I can improve.

PM Modi’s Startup India Campaign

On India’s 69th Independence Day, Prime Minister Narendra Modi announced a campaign from the ramparts of the Red Fort which he named “Startup India” and on 16 January 2016, exactly after the five months of his announcement, he launched the “Startup India” campaign from the Vigyan Bhavan, New Delhi. The organizer of “Startup India” campaign is Department of Industrial Policy and Promotion (DIPP). Startup India has two other branches – “Standup India” (promoting entrepreneurship among SCs and STs) and “Deen Dayal Upadhyay Swaniyojan Yojana” (rural India’s version of Startup India).

Startup India

What is a Startup?

Startup is an entity, working towards innovation and development driven by technology or intellectual property, with annual turnover not exceeding INR 25 crore in any preceding financial year and incorporated or registered in India not prior to five years.

What is the Objective of Startup India?

The prime aim of the Startup India campaign is to encourage startups with job creation by promoting bank finances, restricting role of States in policy domain, providing hassle-free work environment and to get rid of “License Raj”. The main intention behind this flagship initiative of the Government of India is to create a strong eco-system which will nurture the budding startups to promote innovation that will drive sustainable economic growth and which will further generate large scale employment opportunity.

What was the need for Startup India Initiative?

Indian economy has seen a lot of crests and troughs since the period of Indus Valley Civilization. There are ample evidences to show that during the ancient periods like that of the Indus Valley Period, India’s economy and trade was very prosperous and the reason behind this prosperity was that there were least shackles in the path of economic growth. Economic hurdles became more prominent with the passage of time when different rulers ruled over the Indian sub-continent and it approached at its worst level during the British rule.

When India became a republic after its independence, it adopted a socialist-inspired economic model having elements of capitalism which further suppressed economic growth for several decades. From 1950s to 1980s, the economic growth rate of India stagnated at around 3.5% which was termed as “Hindu rate of growth” by an Indian economist Raj Krishna. After a marathon policy-making process, India devised newer policies in 1990s which was termed as “economic liberalization” and these policies boosted the economic growth to some extent, however, the desired results were still awaited as India was still at the bottom in the list of ease of doing business.

In 2014, after the establishment of NDA Government at the centre, either earlier policies were redrafted or some newer policies were introduced to which “Startup India” is an add-on. According to a report by NASSCOM, India has emerged as the youngest Startup nation in the world with over 72% of founders being less than 35 years old and with over 4200 Startups, India has emerged as world’s third largest base for the Startups and to cash this demographic dividend, the concept of “Startup India” was envisaged by the Government of India.

Action Plan of Startup India

  • Self-Certification: Allowing Startups to focus on their core-business by reducing the regulatory burden and keeping the compliance cost low.
  • Startup India hub: Single window system for Startups to enable knowledge exchange and access to funding.
  • Fast-tracking Patent Examination and Legal Support: Providing access to high-quality Intellectual Property services and resources to startups and rebate in patent application fees.
  • Mobile app and Portal: Providing a single platform for Startups to interact with Government and Regulatory Institutions for all the information and business needs.
  • Public Procurement for Startups: It is mandatory for State Governments and PSUs to procure at-least 20% from the Micro Small and Medium Enterprise (MSME).
  • INR 1000 crore Support Through a Fund of Funds: With an initial corpus of 2500 crore and total corpus of 1000 crore, Government will set up a fund for a period of 4 years. The nature of fund will be of Fund of Funds which means that it will not be routed directly into Startups, but through the capital of SEBI registered Venture Funds.
  • Credit Guarantee Fund: Encouraging banks and other lenders to provide Venture Debt to Startups.
  • Exemption of Tax on Capital Gain: Startups investing their Capital Gains in the Fund of Funds shall be given exemptions on their Capital Gains.
  • Tax Exemption for 3 Years: To provide a competitive platform to Startups, the profits of Startup initiatives are exempted from income-tax for a period of 3 years.
  • Exemption of Tax on Investments Above Fair Market Value: It will encourage seed-capital investment in Startups.
  • Startup Fests: Government is planning to introduce Startup Fests at national and international stages which will provide a platform to Startups to showcase their ideas and work with different audiences and other Startups.
  • Atal Innovation Mission with Self-Employment and Talent Utilization (SETU) Program: Providing a platform to promote innovations and give support and guidance to Startups to become successful entrepreneurs.
  • Harnessing Private Sector Enterprise: Government is planning to set-up incubators across the country in public-private-partnership and harness the expertise of private sector to promote the innovation among the Startups.
  • Innovation Centres and National Institutes: Government has proposed to set-up Innovation Centres and National Institutes across the nation to propel successful innovation through augmentation of incubation and R&D efforts.
  • Easy Exit for Startups: Government has proposed a simple exit policy for Startups if they fail in the process. It will encourage new Startups as they would not fear the lengthy exit process.

The architecture of this Flagship scheme seems quite robust, however, it is in its embryonic stage and hence it requires proper nourishment to develop in a healthy adult and that will only be possible by the effective implementation of the embedded features of this campaign-cum-mission i.e. “Startup India”.