Skip to content
Blogpost in
domains

Why is the AuthInfo code so important?

Laptop screen with code - representative of auto-infocode - and a hand on the keyboard. In the background is a circle and an icon for encryption.
time to read icon 4 Min

The AuthInfo code plays a central role when changing providers. This article looks at what exactly it is, where you can find it and what to do if you don't have one.

Published by

Author

Birgit Berger

Date

2023/04/19

The AuthInfo code is an alphanumeric password that provides security for domain transfers when changing providers. Top-level domains are protected by such a code and it is essential for the owner in order to manage a domain at a new provider.

The code is an important identifying feature for the new registrar, enabling them to validate the ownership of a domain. It unmistakably identifies the legal owner or admin of a domain and must be submitted when carrying out a domain transfer to make sure that domains are not transferred without permission.

What exactly is an AuthInfo code?  

An AuthInfo code is generated by the registrar for each and every registered domain and can be understood as a kind of password that only the registrant knows. This alphanumeric authentication code consists of an individual combination of numbers, letters and special characters. It is always uniquely assigned to a single domain.

An AuthInfo code (also known as authorization code, auth code or transfer code) is a code created by a registrar to identify the owner of a domain (also called registrant) of a generic top-level domain (gTLD) that is operated under contract with ICANN. (ICANN)

Where can I find the AuthInfo code?

Where exactly you can find the AuthInfo code differs from provider to provider. Sometimes the code can be found in the service area or settings. Very often, the registrant must contact the provider to request it. Registrars are obligated to provide the AuthInfo code when it is requested – in many cases, it is automatically generated when a request for a provider change is submitted.

At InterNetX, registrants can generate the Authinfo code in AutoDNS for domain transfers by following this click route:

→ Domains → Portfolio → Authinfo → Create AuthInfo

illustration of the domain transfer process in AutoDNS, highlighting the insertion of the AuthInfo (EPP) code for a seamless transition.

Find perfect domains

When do I need the AuthInfo code?

The AuthInfo code plays an important role when transferring a domain to another registrar. It is not possible to initiate a domain transfer without this code as the new registrar will request it before a domain can be migrated.

This step serves as protection for all parties involved in a domain transfer process as it prevents domains from being transferred without proper authorization.

The code is therefore absolutely essential in order to initiate a provider change as it provides proof of authorization and ensures that a domain transfer is not initiated without consent. If you are planning a provider change, you should find out about how to get your authorization code as soon as possible.

To ensure a successful domain transfer, first confirm that you are the domain holder and that the domain was registered more than 60 days ago with no transfers in the previous 60 days. Next, unlock the domain at your current registrar and obtain the EPP code, which is essential for the transfer process.

The AuthInfo code was introduced in order to prevent domains in use from being “hijacked” in order to damage the reputation of the company or person or even demand the payment of ransom. This form of abuse occurred regularly before the introduction of the AuthInfo code. Nowadays, domain owners only need to fear such abuse if third parties manage to get hold of the access details at their hosting provider. 

Caution: In order to avoid an unwanted domain transfer, you should never reveal the AuthInfo code to others.

In general, when the contract with your current provider expires, the AuthInfo code will automatically be sent to you.

AuthInfo codes at DENIC

Although the AuthInfo code is implemented for many top-level domains, it isn’t used for all TLDs. However, for domain extensions that are registered frequently – such as the ccTLD .de – AuthInfo codes are generally the rule and form part of the safety net. As the operator of .de domains, DENIC eG is another authority that checks the AuthInfo codes in the event of a domain transfer and can also prevent them if the wrong code is entered. The DENIC database does not store the AuthInfo codes in plain text, but exclusively as an encrypted list.

In order to guarantee even better security, new AuthInfo codes are generated for each request. As these passwords are meant to be used for migration and provider changes, the codes expire after 30 days

Tip: In order to avoid any confusion for users when they enter their AuthInfo code, a few characters have been banned from use. These include the capital “L” and small “l”, capital and small “O”, as well as the numbers 0 and 1. This helps to avoid errors when manually entering the AuthInfo code and makes sure that you can move to another provider with your website easily and securely, without losing your domain or customers

The procedure also works if your old provider no longer exists or does not respond to your request. In these cases, DENIC can simply mail your AuthInfo code to the postal address specified at registration.

Register domains in AutoDNS icon-arrow--right