What is an Auth Code


What is an Auth Code

Domains that are in the form of .com  .info, .biz, .org and .net TLDs use EPP, a registry protocol for communicating between the registry and registrars. As per this protocol, the auth code of a domain is a small and random code that gets assigned to every domain name and becomes a requirement when a domain name needs to be transferred to another registrar.

This code is very much like a PIN to a credit card as it adds additional layer of security for the domain. It is to make sure that the person who is attempting to transfer a certain domain is, in fact, the owner of that domain and not some hijacker trying to promote a fraudulent activity. Unauthorized transfers can, thus, be stopped with the help of this code.

All the registrars must furnish the authcode of a domain to a registrant when they are requested to, or better yet, by allowing a mechanism in the user interface that sends the code to the administrative contact of the domain or lets them view it.

This means that for transferring a domain to another registrar, three things are required –

• The Email Address of the Administrative Contact – This address should be a working address through which one can receive important mails.

• Turn Off the Registrar Lock – When the transfer gets initiated, the transfer lock or the registrar lock much be turned off. If this is not done, when the transfer is started by the registrar, it would be an immediate failure. Again, the registrar should either allow a mechanism in the user interface that allows registrants to turn off this lock or they should do so themselves on the request of the registrant. For the sake of security, the transfer lock should be “On” at all times, unless a transfer requires to be facilitated, in which case it can be turned “Off”.

• Auth Code or EPP – There are many hijacking attempts on a popular domain and to avoid that, the authcode becomes important. When the transfer request is initiated, the auth code is used for confirming such a transfer and its legitimacy. This improves safety, combined with the other two protocols mentioned in the above points.

For finding a domain’s authcode, the registrar could be contacted and the code could be requested from them. In most cases, however, the UI is such that by visiting the account center and looking into tools related to the domain, the code can be easily obtained.

Leave a Reply