NameCheap Hosting — FAIL!!
I have a few small sites hosted by NameCheap, nothing important, just something for all of those small sites you accumulate over time. I wanted to change the main domain so I placed a request through their ticketing system, which is independent of their main site so you have to register and setup another username and password.
I then received the following canned reply:
In order to verify your account with us please provide the following information:
Your full name:
Your local address:
Email address you signed up with:
Last order or transaction ID:
Current domain name:
New (desored) domain name:
NameCheap account username:
Once you have confirmed the above details, we will process your request.
Despite the obvious typo I objected to providing *all* of the information. My original request had the “new (desored) domain” in it and the current domain was added through a separate field when I filed the request.
But why do I have to prove who I am and provide so much information that it makes my simple request onerous. Surely, there’s a problem with the system if the ticketing system, billing software and domain management system are not linked. If I had a keylogger on my computer I’d have given away so much information in one go and anybody snooping would only be a few passwords away from taking over my domain portfolio. Why don’t they just ask me for my hosting password and get it over with?😉
I’ve been a NameCheap customer for many years but not even my bank asks me for this much information to verify my identity.
It looks to me like it’s time for a change because if the systems are this poorly engineered I’m not sure the hosting environment will be any better.
Anybody recommend a good domain management or hosting provider?
All I did provide was the invoice number of my last hosting bill (proving I had access to the registered email account) and my domain management account name (proving I owned the current and the new domains). They could have asked me for the first 6 digits of my credit card number used for the hosting account, or any other random digit, or even a few. They could have also asked about some configuration element in the hosting package, such as an email forwarder, the amount of free space remaining, number of domains etc. Anything else that would be hard to obtain from merely hacking my email account.