Hover Security Standards and Best Practices

Hover uses several layers of protection to keep your account and domains secure, including encrypted passwords, sign-in notifications, two-step sign in, WHOIS privacy, and domain transfer locks. This article gives you a quick overview of each of these features and where to find them in your account, along with how our support team verifies your identity before making changes.

Usernames and passwords

Hover encrypts all stored passwords using high, industry-standard encryption. No one at Hover — including support — can view your account password, and we will never ask you to share it with us.

If you forget your password, you can reset it from the Hover sign-in page. For details on updating your password from within your account, see Changing your Hover account password.

Sign-in notifications

When enabled, sign-in notifications send you an email each time someone signs in to your Hover account, so you'll know right away if it wasn't you.

To turn this on, sign in to your Hover account, then go to Settings > Overview.

Two-step sign in

Two-step sign in (also called two-factor authentication) requires a unique six-digit code, generated by an authenticator app on your phone, in addition to your username and password. See Enabling two-step sign in on your Hover account for setup steps.

To view or change this setting, sign in to your Hover account, then go to Settings > Overview.

Activity feed

The activity feed in your Hover dashboard tracks account events such as sign-ins, new domain registrations, renewals, and changes to auto-renewal settings, so you can spot anything unexpected.

To view it, sign in to your Hover account, then go to Settings > Activity.

WHOIS privacy

Hover includes WHOIS privacy on every domain that supports it, at no extra charge — we believe you shouldn't have to pay to keep your information private. WHOIS privacy replaces your personal contact details with Hover's when someone looks up your domain. It's enabled by default and can be toggled from your account. See Domain WHOIS privacy for more detail.

To manage this setting, sign in to your Hover account and go to the domains overview page, where you'll find the WHOIS privacy toggle.

Transfer lock

A transfer lock prevents a domain from being moved to another registrar without your say-so. Hover supports locking on every domain that allows it, and we recommend leaving it enabled unless you're actively transferring a domain away from Hover. The lock can only be removed from within your Hover account.

To manage this setting, sign in to your Hover account and go to the domains overview page, where you'll find the Transfer lock toggle.

How Hover support verifies your identity

Our support team is trained to make sure that any request to change your account or domains comes from the account holder or someone you've authorized. This sometimes means asking for extra proof of ownership — we'd rather be cautious than risk giving access to the wrong person.

Support cannot view your personal information or access your account without your consent, which you give by verifying your identity (for example, confirming your name and account email address). If we need to access your personal information, account, or mailbox settings, we'll ask you to verify first.

To verify your identity, support sends a four-digit PIN to the primary email address on file, which you'll need to provide back to us. If you have two-step sign in enabled, we'll also ask for the six-digit code from your authenticator app.

Account locking

If Hover detects an unauthorized attempt to access your account — for example, several failed sign-in attempts — we'll lock the account to block further attempts. Support may also lock an account if unusual activity is detected. Only the verified account holder can unlock a locked account.

Next steps

Questions? Contact Hover Support.

How helpful was this article?

Thanks for your feedback!

Do you still need help? If so please submit a request here.