My registrar refuses to give me my authinfo, what should I do?

This is illegal: the AFNIC contract requires every registrar to provide the authinfo free of charge and at the holder's request. First insist in writing, citing this contractual obligation. If the registrar still refuses, report the incident to AFNIC customer service at support@afnic.fr, specifying the domain name, the registrar involved and the dates of your requests. AFNIC can then intervene directly.

How much does an authinfo cost?

The authinfo is completely free. No registrar may charge you for it: this is a rule imposed by the AFNIC contract. If your registrar asks you to pay to retrieve your authinfo, refuse and report the incident to AFNIC.

How long does a .fr domain name transfer take?

The transfer itself generally takes between a few hours and a few days. The AFNIC rule: if the outgoing registrar does not explicitly object (rare cases: domain in SYRELI, missing payment, etc.), the transfer is automatically validated after 5 days. Most major registrars speed things up by validating immediately, so the transfer may take only a few hours.

Does my domain keep working during the transfer?

Yes, completely. The administrative transfer (change of registrar) affects neither DNS nor the technical configuration. Your site remains accessible, your emails continue to work, and the new registrar keeps the same nameserver configuration as the old one.

What is the difference between clientTransferProhibited and serverTransferProhibited?

clientTransferProhibited is a lock activated by the registrar at your request (free, you can remove it yourself). serverTransferProhibited is a lock activated by AFNIC itself, generally in the context of a special procedure (ongoing SYRELI dispute, administrative challenge, etc.). You cannot remove serverTransferProhibited yourself: only AFNIC decides.

I have just bought a domain via a snap service, should I change the authinfo?

It is an excellent precaution. Ask your new registrar to regenerate a strong random authinfo as soon as the transfer is effective. This invalidates any authinfo that might have been retained by the former holder or intermediary, and blocks fraudulent recovery attempts on the domain. This operation is free and instantaneous.

If I lose my authinfo and my registrar cannot find it, is my domain lost?

No, never. The registrar can always regenerate a new authinfo via the AFNIC interface (technical 'update authinfo' operation in EPP). If your registrar does not know how to do this, explicitly ask for the regeneration of the authinfo via the EPP update command. The operation is free and takes a few seconds. If even this operation fails, contact AFNIC directly for intervention.

Guide

AFNIC auth code (authinfo): retrieve, transfer and secure your .fr domain name

27/05/2026 · Milodomain Team · 8 min read

Milo, the Milodomain mascot, presents a key symbolising the AFNIC auth code (authinfo) required to transfer a .fr domain name.

You wish to transfer your .fr domain name from one registrar to another: for example because you are changing host, consolidating your domain names with a single operator, or because you have just bought a domain and want to take control of it. The cornerstone of this entire procedure boils down to eight letters: authinfo, more commonly called the "auth code" or "authentication code". Without it, no transfer is possible. With it (and in the wrong hands), your domain can slip away in a few minutes. Here is exactly how this code works, how to obtain it, how to use it properly, and how to prevent it from being stolen.

What is the auth code (authinfo) for .fr?

The authinfo is a unique technical password associated with each .fr domain name. It serves as the sole proof of ownership during a transfer operation between two registrars. The rule is simple: if you possess the authinfo, you can transfer the domain elsewhere. If you do not have it, you cannot. It is as simple: and as critical: as that.

This mechanism was standardised by the IETF in RFC 5731 (EPP extensions for domain names), and AFNIC applies it with a few specific rules. Concretely, at each creation of a .fr domain name, the registrar generates an authinfo and stores it on the AFNIC side in the domain's technical record. The holder may at any time ask their registrar to retrieve this authinfo, free of charge.

AFNIC rules for the authinfo

AFNIC imposes several constraints documented in the AFNIC Procedure Guide:

Minimum length: 12 characters. Not shorter, otherwise the operation will be rejected on the AFNIC side.
Maximum length: 32 characters.
Mandatory composition: at least one lowercase letter, one uppercase letter and one digit. No authinfo made of letters only.
Allowed characters: Latin letters, digits, and certain limited special characters. No spaces or emojis.

A fundamental point, often forgotten: the registrar is required to provide the authinfo free of charge to the holder at any time, upon simple request. This obligation is set out in the AFNIC framework contract that binds the registry and all accredited registrars. A registrar that refuses to transmit the authinfo or that charges for it is exposed to sanctions from AFNIC. If you find yourself in this situation, you can report the incident directly to AFNIC customer service.

How to retrieve the authinfo for your .fr domain name

The procedure to follow depends on your registrar. Here are the most common patterns:

With major consumer registrars

With OVH, Gandi, Ionos, Infomaniak, Scaleway and most major players, the authinfo is accessible directly from your client area. Generally look for:

A "Domain" or "My domain names" section
Select the domain concerned
Look for a "Security", "Transfer" or "Authorisation codes" tab
The authinfo is either displayed directly, or sent by email after confirmation of your identity

If you cannot find it, do not hesitate to contact your registrar's support. Explicitly mention "authinfo", "auth code" or "authorisation code for outgoing transfer".

With professional registrars

If your domain name is managed by a professional registrar (web agency reseller, IT service provider, etc.), you may need to go through an email or a support ticket. The rule remains the same: the registrar must transmit the authinfo to you free of charge, within a reasonable time (generally 24-72h).

If your registrar does not respond

First step: insist in writing, recalling the contractual obligation to transmit the authinfo. Second step: report to AFNIC customer service at [email protected], mentioning the domain name, the registrar concerned, and the dates of your requests that have gone unanswered. AFNIC can then intervene with the registrar.

How to use the authinfo to transfer your domain

Once the authinfo is in hand, the transfer to a new registrar is done in 4 steps:

Open an account with the new registrar (the "incoming registrar"). If you are transferring to OVH, Gandi or another, create the account if you do not already have one.
Initiate the incoming transfer. The incoming registrar will ask you for: the domain name, the authinfo, and sometimes your NIC-handle number (AFNIC holder identifier).
Pay for the transfer. Most registrars charge between 5 and 15 euros excl. VAT for an incoming transfer (equivalent to one year of renewal). It is generally the cheapest option to change operator.
Wait for validation. The transfer generally takes between a few hours and a few days. AFNIC sends an automatic notification to the outgoing registrar, which cannot refuse (except in specific cases such as a domain in SYRELI dispute). Once validated, your domain appears in your new account and continues to operate without interruption (DNS, emails and the site remain active).

Pitfalls and risks related to the authinfo

Authinfo theft and fraudulent transfer

The biggest risk for a holder: that someone gets hold of your authinfo and uses it to transfer your domain without your consent. Typical cases:

Hacked email: the attacker reads your mailbox, finds an exchange with your registrar containing the authinfo
Compromised client area: if someone has your registrar credentials, they can retrieve the authinfo and launch a transfer
Phishing: a booby-trapped email asking you to "verify" your authinfo
Document shared in clear: authinfo found in a poorly protected file

Once the transfer has been completed, recovering the domain is very complex: you have to go through heavy legal procedures (SYRELI, civil court) that take months.

The clientTransferProhibited option

For critical domains (brands, e-commerce sites, business services), AFNIC offers a simple and free technical protection: the clientTransferProhibited status. When this status is activated on your domain, no outgoing transfer is technically possible, even if someone has the authinfo. To transfer, you must first ask your registrar to remove this lock: an operation that adds an additional layer of control and blocks fraudulent transfer attempts.

Activation of clientTransferProhibited is done via your registrar's client area (generally a simple checkbox) or upon request to their support. It is free and strongly recommended for any professional domain.

Changing the authinfo in case of doubt

If you suspect that your authinfo has leaked (hacked email, document shared by mistake, etc.), immediately ask your registrar to regenerate it. The operation is free and instantaneous. The new authinfo invalidates the old one: even if someone had retrieved it, they will no longer be able to use it.

Special case: authinfo after a snap (purchase of an expired domain)

If you buy a .fr domain name via a drop-catching service (such as Milodomain) or via a broker, the authinfo is transmitted to you as soon as the transaction is finalised. You can immediately carry out a transfer to the registrar of your choice. Our advice: initiate the outgoing transfer quickly after the purchase, and activate clientTransferProhibited with your new registrar to secure the domain.

On the technical side, AFNIC requires the selling registrar to regenerate a strong random authinfo at the moment of ownership transfer: this is a protection against authinfo predictions based on patterns. If your seller transmits an authinfo that looks like a dictionary word or a predictable date, that is a bad sign: ask for an immediate change before finalising the purchase.

Authinfo and registry lock (FR Lock)

For ultra-critical domain names (banks, media, institutional sites), AFNIC offers an even stricter protection: the FR Lock service (290 euros excl. VAT per month in the FR Performance Platinium offer). With FR Lock, no sensitive operation (transfer, deletion, change of nameservers) is possible without a manual out-of-band procedure with validation by telephone or in person. This is the level of security reserved for highly exposed entities (banking-grade cybersecurity).

For the vast majority of holders, free clientTransferProhibited is more than enough.

Check the transfer status of your domain

To check whether the clientTransferProhibited status is activated on your domain, consult the public RDAP record:

https://rdap.nic.fr/domain/yourdomain.fr

Look in the status field for values such as client transfer prohibited or server transfer prohibited. If they are absent, your domain is not protected against transfers. If they are present, they will need to be explicitly deactivated before any legitimate transfer.

Recap: authinfo best practices

Authinfo = critical password: only share it in the event of an actual transfer, and only with your new registrar.
Storage: keep it in a password manager (Bitwarden, 1Password, KeePass), not in an email or a text document.
Change it after each domain purchase or at the slightest suspicion of leakage.
Activate clientTransferProhibited on your important domains (free).
Monitor your access to the registrar's client area: enable two-factor authentication (2FA) if offered.
Beware of unsolicited emails asking for your authinfo: it is almost always phishing.

If you need help to transfer a .fr domain name to Milodomain (registrar accredited by AFNIC for 20 years), or to secure your premium domain names, contact our team. We assist both individuals and companies on all administrative and technical aspects of .fr domain names.