We have seen a lot of domain theft cases lately. Let me say that again. We have seen a LOT of domain theft cases lately. In the typical scenario, a hacker will often identify, by performing a reverse WHOIS search, an individual or company with a large and valuable domain name portfolio. The hacker will then identify the email address associated with that portfolio, either brute force or social engineer the password for the registrant’s email address account through a variety of nefarious means, and then obtain control over the registrant’s email account and use that account to transfer the domain names away to a foreign, and often uncooperative, registrar.
Often, the domain names within the registrant’s portfolio represent millions of dollars. In those cases, where it makes financial sense to file a lawsuit, we will get a call and, often six to twelve months later and after numerous arguments with the registrar and/or the registry, the registrant will re-obtain control over the domain names. But there is a very simple step that registrars could take, and many find too costly to take, to prevent against this scenario, which is not going away.
Two factor authentication requires a registrant to provide two forms of authentication before allowing the registrant (or the thief) to transfer domain names away from the registrant’s account or take any other action that could potentially be detrimental to the registrant’s rights. It requires confirmation of identity through two means, which typically consist of something that the user possesses, such as a USB encryption key dongle or a phone number, something that the user knows, such as a password, or something that is inseparable from the user, such as a fingerprint. Many registrars have been reluctant to implement two factor authentication and cite cost as a factor; additional authentication methods may require the purchase of additional software or the hiring of additional personnel.
But registrars that do not implement two factor authentication may risk subjecting themselves to a negligence lawsuit under case law that every American law student reads in law school. In The T.J. Hooper, esteemed jurist Learned Hand examined whether a tugboat company should be held liable for negligence for failing to implement a radio as a safety mechanism. During a large storm, the T.J. Hooper, a cargo vessel, sunk, destroying cargo owned by the plaintiff. The plaintiff sued, alleging that the owner of the barge should be held liable for negligence for failing to equip the tugboat with a radio, which would have warned the captain of bad weather. Judge Learned Hand found the T.J. Hooper’s owner liable because he failed to act with due care in failing to install a radio, despite the fact that “everybody’s doing it.” In so ruling, Learned Hand noted, “There are precautions so imperative that even their universal disregard will not excuse their omission.” In re Eastern Transportation Co. (The T.J. Hooper), 60 F.2d 737 (2nd Cir. 1932).
And the same may be true for registrars. Even though many registrars have failed to implement two factor authentication, and though many have only done so for their high net worth clients, there are some precautions that are so imperative to the protection of their consumer’s property rights that even universal disregard will not excuse their omission.
In May 2025, as part of a settlement of litigation involving college football, a new entity was created called the College Sports Commission (“CSC” or “Commission”). See news media reports here and here. Among many other purposes, the CSC will monitor and approve name, image, and likeness (“NIL”) agreements for college athletes. As the term […]
Trademarks are words, designs, symbols, logos, and other things that are used/associated with goods or services that identify the specific commercial source of the goods/services. COCA-COLA, APPLE, and GUCCI are just a few famous examples. If COCA-COLA is on the bottle, consumers know what to expect from the beverage in the bottle. The same for […]
Getting an endorsement deal as a social media influencer may be a seminal event financially and for the progress of your career. However, the question always has to be asked whether your endorsement deal is fair. In other words, are you getting paid what you are worth? There are a number of factors that can […]