Security Audit: Managing your contacts

In the second installment of Openprovider’s security audit series, the focus turns to contact management — one of the most overlooked but consequential security surfaces in any domain portfolio. Keeping registrant contacts accurate and locked down is a small habit with outsized protection value, and this post explains exactly how to get it right.

Brendan Boyle, Content editor specialist
06/01/2017

This is our second post in a series explaining the security practices we are implementing at Openprovider and offering guidance and tips you can follow. In this post, we will talk about best security practices when it comes to managing your contacts.

In the previous post of this series, we discussed how to protect individual contacts for the Openprovider reseller control panel. Briefly summarized, our main advice there is to:

  • Use strong and unique passwords. Make sure you use unique passwords for each of your accounts, whether they are for business or personal use;
  • Change your passwords regularly. Openprovider sends you an automatic reminder for this every 180 days;
  • Always use two-factor authentication.

Managing your contacts

In this follow-up blog post we offer some advice for managing your contacts in order to maintain the security of your reseller account in general (RCP and API). The following steps should be part of a regular security audit:

  1. Log in to the RCP with an admin contact. Review the list of current contacts to make sure contact data, especially email addresses, is correct and reflects current employment status. Delete all obsolete contacts.

  2. Make sure that each contact is used by only one person. Create additional accounts if needed.
  3. Disable API access for each contact where it is not needed. Usually only one account is needed for each integration.
  4. Make sure that all contacts have two-factor authentication enabled. If needed, educate your staff on the importance of two-factor authentication and how to use it. You can find more information on this in our previous blog post on password security.
  5. Consider using the IP whitelist functionality to limit RCP and API access to only IP addresses in your network. To do this, go to RCP -> Account -> Account Overview, select a contact and click Edit. Developers working from home can access the RCP/API using a VPN.
  6. Consider using a password manager, like 1Password or LastPass. A password manager lets you conveniently use and store strong and unique passwords.
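
Steps 1 to 5 of the checklist above can be run as a script over a contact export. This is an added example, not Openprovider code: the CSV columns, the role-mailbox heuristic for step 2 and the sample rows are constructed assumptions, not the actual format of the RCP or API.

```python
import csv, io, ipaddress

# Constructed sample export; column names are hypothetical, not Openprovider's format.
CONTACTS_CSV = """email,active_employee,api_access,integration,two_factor,ip_whitelist
alice@example.com,yes,no,,yes,203.0.113.0/24
billing-bot@example.com,yes,yes,billing-sync,yes,203.0.113.10
bob@example.com,no,yes,,no,
support@example.com,yes,no,,yes,0.0.0.0/0
"""

SHARED_MAILBOXES = {"info", "support", "admin", "sales", "office"}  # heuristic for step 2

def audit_contact(row):
    """Return the list of checklist findings for one contact row."""
    findings = []
    if row["active_employee"] != "yes":
        findings.append("step 1: obsolete contact, delete")
    if row["email"].split("@")[0].lower() in SHARED_MAILBOXES:
        findings.append("step 2: role mailbox, likely shared by several people")
    if row["api_access"] == "yes" and not row["integration"]:
        findings.append("step 3: API access enabled without an integration")
    if row["two_factor"] != "yes":
        findings.append("step 4: two-factor authentication disabled")
    nets = [n for n in row["ip_whitelist"].split(";") if n]  # ';' separates entries
    if not nets:
        findings.append("step 5: no IP whitelist")
    for n in nets:
        try:
            net = ipaddress.ip_network(n, strict=False)
        except ValueError:
            findings.append(f"step 5: invalid whitelist entry {n!r}")
            continue
        if net.prefixlen == 0:
            findings.append(f"step 5: whitelist entry {n} allows every address")
    return findings

def audit(csv_text):
    """Map each contact email to its findings; contacts with none are omitted."""
    report = {}
    for row in csv.DictReader(io.StringIO(csv_text)):
        findings = audit_contact(row)
        if findings:
            report[row["email"]] = findings
    return report

if __name__ == "__main__":
    for email, findings in audit(CONTACTS_CSV).items():
        for finding in findings:
            print(f"{email}: {finding}")
```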