Adding a number to 'welcome' doesn't make it a strong password
How to make sure the passwords used in your organisation are secure
In the first episode of our Dutch-language podcast series Maak jouw bedrijf cyberweerbaar ('How to Boost Your Business's Cyber-resilience'), ethical hacker Rickey Gevers pointed out that the use of weak passwords remains one of the main flaws that cybercriminals use to get through organisations' defences. Even if ninety-nine of your hundred staff have strong passwords, things can still go wrong, because just one weak password makes the whole organisation vulnerable. And it's simply a matter of time before that vulnerability is exploited.
Insecure passwords remain a problem for many organisations. As Rickey says in our podcast, "It's often at the top of the organisation that things go wrong. Maybe the CEO will think that remembering a strong password is a bit of a nuisance and opt for 'welcome01', 'welcome02' or 'welcome03', depending on how often he changes his password. And the technical staff will feel that they've got to make an exception for the boss. Hackers know that's the way things often work, so they start at the top when looking for a way in. And, more often than not, they find one. Another plus for hackers is that managers usually have more system permissions, so cracking an exec's password tends to mean hitting the jackpot."
Use of weak passwords is a persistent problem. We all know that security makes sense, but somehow the threat tends to seem remote. "Often, the need to act only hits home when people are shown their own password," says Rickey. There are various online tools that tell you whether a password has been leaked. Examples include scatteredsecrets.com, Have I Been Pwned and the tool made available by the Police. Or maybe you can spot your password in the following list of the hundred most frequently cracked Dutch passwords in 2019 and 2020.
abcd | 123456 | wachtwoord
abc123 | qwerty | 123456789
1234567 | welkom01 | 12345678
amsterdam | welkom | voetbal
geheim | 1234567890 | jemoeder
hallo123 | koko12345 | 12345
rotterdam | computer | vergetern
feyenoord | qwertyuiop | mercedes
Welkom01 | paarden | qwerty123
12345678910 | nederland | telefoon
Source: scatteredsecrets.com.
It's important that everyone recognises that a weak password puts the whole organisation at risk. The point therefore needs flagging up repeatedly and frequently. Ask people to check that their passwords aren't in the cracked list or known to the online tools. If they are, there's a possibility that their passwords are known to cybercrooks. Anyone with a suspect password should be urged to swap it for a strong one as a matter of priority. The following tips will help them come up with something better.
When setting a password, always go for something long and complex. A password like that is hard for a hacker or computer to work out.
Never use obvious words or phrases, such as the names of loved ones, number sequences (1234) or logical keyboard character strings (qwerty). Things such as welcome1 or words that you can find in a dictionary are also easy to guess.
Your password should have at least thirteen characters. The more characters, the more secure it'll be.
It's a good idea to use a sentence, e.g. a saying or a song lyric. A sentence is longer and harder to crack than a single word.
Combine the sentence with numbers and special characters, and include both lower-case letters and capitals.
Where possible, use two-factor authentication: a set-up where, after entering a password, you have to verify your identity in order to access your account. Verification is usually on the basis of a code provided by or sent to a different device (e.g. your phone).
Use a different password for each account. Then, if there's a security breach, the hackers will only get access to that one site or application.
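As an added example (not from the article or the podcast), a small Python policy check that encodes the tips above: it rejects anything on the cracked list quoted earlier, including variants like 'welkom03' with digits bolted on, keyboard and number sequences, and anything under thirteen characters. The deny list is a constructed subset of the article's table; a real deployment would check against the full leaked-password sources the article names.

```python
import re
import string

# Constructed deny list: a subset of the cracked-password table quoted in the article.
CRACKED = {
    "abcd", "123456", "wachtwoord", "abc123", "qwerty", "123456789",
    "1234567", "welkom01", "12345678", "amsterdam", "welkom", "voetbal",
    "geheim", "1234567890", "jemoeder", "hallo123", "12345", "rotterdam",
    "computer", "feyenoord", "qwertyuiop", "mercedes", "paarden",
    "qwerty123", "nederland", "telefoon", "welcome", "password",
}
KEYBOARD_ROWS = ("qwertyuiop", "asdfghjkl", "zxcvbnm", "1234567890")
MIN_LENGTH = 13  # the article's minimum


def base_word(pw: str) -> str:
    """Strip the digits/symbols people bolt on to a word ('Welkom01!' -> 'welkom')."""
    return re.sub(r"^[^a-z]+|[^a-z]+$", "", pw.lower())


def is_keyboard_walk(pw: str) -> bool:
    """True if the whole password is a run along one keyboard row ('qwerty', '12345')."""
    s = pw.lower()
    return len(s) >= 4 and any(s in row or s in row[::-1] for row in KEYBOARD_ROWS)


def check_password(pw: str) -> list[str]:
    """Return the list of policy failures; an empty list means the password passes."""
    problems = []
    if len(pw) < MIN_LENGTH:
        problems.append(f"shorter than {MIN_LENGTH} characters")
    if pw.lower() in CRACKED:
        problems.append("appears in the cracked-password list")
    elif base_word(pw) in CRACKED:
        # 'welkom02', 'Welkom03!' etc. are the same cracked word with decoration
        problems.append("cracked word with digits/symbols bolted on")
    if is_keyboard_walk(pw):
        problems.append("keyboard or number sequence")
    classes = [any(c.islower() for c in pw), any(c.isupper() for c in pw),
               any(c.isdigit() for c in pw), any(c in string.punctuation for c in pw)]
    if sum(classes) < 3:
        problems.append("uses fewer than three character classes")
    return problems


if __name__ == "__main__":
    for candidate in ("welkom03", "Welkom01", "qwertyuiop", "Een appel per dag, 3 dokters weg!"):
        print(f"{candidate!r}: {check_password(candidate) or 'OK'}")
```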
Counting personal and work accounts, lots of people have thirty passwords. Unfortunately, though, most of us find it well-nigh impossible to remember that many long passwords. And writing them down or saving them on a phone or in a mailbox really isn't secure. So it makes sense to encourage your staff to use a password manager. Then they'll each have a 'digital safe' to lock up their passwords. Instead of needing to remember umpteen passwords they dreamt up ages ago, each staff member simply has to know the master password to their personal password manager. That master password does, of course, have to be super-strong. So it's a good idea to use two-factor authentication to control access to the password manager. When choosing a password manager, go for one that saves your passwords in encrypted form. Here are some (free) password managers to consider:
Hosted by Chris van ’t Hof, the Dutch-language podcast series 'How to Boost Your Business's Cyber-resilience' explores what SMEs need to know and what they can do to guard against attacks. Every episode is packed with practical advice for SMEs. The podcasts are available from: