Security at Nominet

Making sure our registry is secure and resilient is at the heart of what we do. It’s the reason millions trust us to run the .UK domain – and have done for almost 20 years. We bring this same dedication to all our new registries.

Our commitment to security doesn’t stop with our registry. We also collaborate with other organisations to give people the tools and knowledge they need to stay safe online. This includes products and services you can use to protect your domain, and advice about navigating the net safely.

Read on to find out more about our security work.

Two-factor authentication

If security is a top priority for you, consider using our Two-factor authentication (2FA) to make accessing your Nominet Online Services extra safe.

Signing up to use this free service would mean that an intruder would have to gain access to the device where it is installed, as well as know your password or passphrase. It’s available to everyone who uses Nominet Online Services.

2FA is designed to complement our Domain Lock and prevents unauthorised access into your domain portfolio via Nominet Online Services.

Find more information on how to set up two-factor authentication.

DNSSEC – Keeping your domain secure

The Domain Name System (DNS) protocol that underpins our domain registry was first developed in the 1980s, and security wasn’t a key requirement. But now that the internet has grown to be such an integral part of UK and global business, it’s more important to make it secure. This led to the development of Domain Name System Security Extensions (DNSSEC).

Nominet supports DNSSEC as standard for all our registries, including .UK, .cymru and .wales.

EBERO – Providing emergency support

Thanks to our long-standing experience of running a large domain name registry, we’re one of only three Emergency Back-End Registry Operators (EBERO) appointed by ICANN.

As an EBERO, we’re there to help any newly launched gTLD – such as a new branded domain – that encounters technical difficulties. This involves transferring and maintaining the core operations of the gTLD, including making sure the website still works, while they try and fix the problem for the long term.

Operational standards

We’re certified with International standards for Information Security (ISO 27001:2013), Business Continuity (ISO 22301:2019) and IT Service Management (ISO 20000-1:2011). So when you do business with Nominet, you can rest assured our processes are robust and your details are secure.