Identity Digital Tightens Registrar Support Authentication: What Registrars Should Know

The domain name industry has always depended on trust. Registrars manage assets that can be extremely valuable — not just financially, but operationally for businesses and organizations around the world. A single unauthorized change to a registrar account, an EPP password reset, or a registry lock modification can potentially disrupt hundreds or thousands of domain names.

With this reality in mind, Identity Digital has announced an important update to its Technical Support authentication process, effective 2 April 2026. The goal is simple: reduce the risk of registrar impersonation and ensure that sensitive support requests are verified through stronger operational controls.

For registrars working with Identity Digital TLDs, this change is worth understanding and preparing for.

Why This Change Matters

Over the past several years, registries and registrars alike have faced increasingly sophisticated social engineering attempts. Attackers often try to impersonate legitimate registrar employees in order to obtain sensitive information or request operational changes.

Support channels — especially email — are common targets because they can sometimes be exploited through spoofed identities or compromised accounts.

Identity Digital’s new authentication process directly addresses this risk. By moving all confidential requests into the Registrar Portal and adding a phone verification step, the registry is creating a stronger chain of authentication before any sensitive action is executed.

From a security perspective, this is a positive step and aligns with the broader industry trend of tightening operational controls around registrar access.

What Is Changing on 2 April 2026

Starting on 2 April 2026, Identity Digital Technical Support will only accept requests involving confidential data if they are submitted through the Registrar Portal.

Email requests for confidential operations will no longer be accepted.

Once a request is submitted through the portal, Identity Digital’s technical support team will verify the request by calling the web user associated with the account using the phone number listed in the Registrar Portal. This additional verification step ensures that the person initiating the request is authorized and reachable through the official registrar contact details.

The change specifically affects several operational requests that registrars frequently submit.

Requests that must now be submitted through the Registrar Portal include IP subnet change requests, registry lock or domain updates, EPP password resets, report or data requests, and account or configuration change requests.

General enquiries that do not involve confidential information can still be submitted via email or through the Registrar Portal.

Operationally, this means registrars must treat the portal as the primary interface for sensitive technical support interactions with Identity Digital.

Preparation Steps for Registrars

Identity Digital has asked registrars to ensure their portal configuration is properly set up before the new process goes into effect.

The most important step is confirming that the appropriate staff members have active web user accounts in the Identity Digital Registrar Portal. These web users are authorized contacts who can log into the portal and submit support requests.

Registrars should also review and verify that the contact information for all web users — especially phone numbers — is accurate and up to date. Since Identity Digital will call the listed contact to confirm requests, outdated information could delay critical operational changes.

This is a good moment for registrar operations teams to review who has portal access and whether those permissions still reflect the organization’s internal structure.

How Requests Will Be Submitted Going Forward

Once the new process is live, support requests involving confidential data must be submitted through the Identity Digital Registrar Portal.

Registrars can log in at https://registrar.identitydigital.services

Inside the portal, requests can be submitted using the support web form or through the built-in chat support feature.

Using the web form, the process is straightforward. After logging into the portal, registrars can navigate to the Support section, select “Contact Support,” complete the form describing the request, and submit it for processing.

Alternatively, registrars can initiate a support conversation through the chat interface available within the portal.

After the request is received, Identity Digital Technical Support will verify the request by calling the web user listed in the portal before executing the requested change.

For general enquiries that do not involve confidential data, registrars can still use the traditional support email channel.

A Sign of a Maturing Security Model

From an operational standpoint, these changes reflect a broader evolution across the domain name industry. Registries and registrars increasingly treat account-level operations with the same level of scrutiny as financial systems or infrastructure platforms.

Authentication, multi-channel verification, and tighter access controls are becoming standard practice.

For registrars, adapting to these processes is part of maintaining a secure environment for customers and protecting domain name assets from unauthorized access.

Identity Digital operates a large number of gTLD registries, and its registrar support infrastructure is used daily by hundreds of registrar partners worldwide. Strengthening authentication around this interface is a logical step as the ecosystem grows.

Advice for Registrars

For registrar operations teams, the best approach is to review portal access now rather than waiting until the new process is enforced.

Ensure that key technical and compliance staff have web user access, confirm that their contact information is correct, and communicate the upcoming change internally so support teams know that confidential requests must go through the portal going forward.

Small operational adjustments like this can prevent delays when urgent requests arise — especially for actions such as EPP credential resets or registry lock updates.

Final Thoughts

Operational security continues to become more important across the domain name ecosystem. As registries introduce stronger authentication procedures, registrars should treat these changes not as obstacles but as safeguards for the infrastructure they manage.

Identity Digital’s updated registrar authentication process is ultimately about reducing risk and ensuring that sensitive account actions are executed only after proper verification.

For registrars managing large domain portfolios or supporting enterprise clients, that added layer of protection is a welcome development.

As a consultant working closely with registrars on accreditation, operations, and registry integrations, I often advise teams to treat registry portals and support channels as critical infrastructure. Processes like these reinforce that mindset — and help make the domain name ecosystem more secure for everyone involved.