Why You Might Get an Erroneous GoDaddy 2FA Message | DomainInvesting.com
Neustar Domain Names

Why You Might Get an Erroneous GoDaddy 2FA Message

3

I have two factor authentication enabled on my GoDaddy accounts, in addition to added layers of security. Whenever I log into one of my accounts, I receive a text message with a security code. This happens both when I login to GoDaddy online and when I call in to speak with a representative.

The other day, I received a two step verification code text message from GoDaddy, despite being away from my office. Concerned that someone had managed to breach my account password, I called my account executive and asked him what triggered the text message. It turns out, my account security was never compromised. Another customer must have called in and and given the customer service representative a domain name my company owns. GoDaddy sent out the 2FA code to verify his identity, and it came to me since the domain name is mine. This prevented the caller from gaining access to my account.

I would imagine this may have had something to do with a domain name I won on GoDaddy Auctions just prior to the incident. The person probably didn’t realize he no longer owned the domain name and he was concerned when he saw the domain name being used by someone else. He called into GoDaddy, and when they asked for the domain name or account number, he told them a domain name that my company now owns.

Having two factor authentication enabled is a smart move. Most domain registrars offer this for free in one form or another. When it comes to GoDaddy, sometimes customers may receive these notifications without their own prompting. I wanted to share one scenario that might trigger this text message erroneously.


About The Author: Elliot Silver is an Internet entrepreneur and publisher of DomainInvesting.com. Elliot is also the founder and President of Top Notch Domains, LLC, a company that has sold seven figures worth of domain names in the last five years. Please read the DomainInvesting.com Terms of Use page for additional information about the publisher, website comment policy, disclosures, and conflicts of interest.


Reach out to Elliot: Twitter | | Facebook | Email

Comments (3)

    Brad

    The way I understand it is that they only ask for the 2FA code after the pin or last 8 has been validated. I could be wrong but I think it’s worth paying attention to.

    June 19th, 2017 at 11:43 am

    joe styler

    What is stated in the article is correct. A 2fa can be sent without the other half of the login credentials being used and it is very likely that the old domain owner called in and was trying to access the domain he thought he still owned.
    You cannot gain access to an account without both halves of the login credentials, the code and the password , PIN, or CC info.

    June 19th, 2017 at 1:00 pm

      AJ

      @Joe does this also apply to 2FA codes generated by Google Authenticator or Authy? If not, how is account security maintained over call, say in the situation Elliot was in?

      In reply to joe styler | June 20th, 2017 at 8:01 am

Leave a Reply

Name *

Mail *

Website