Why You Might Get an Erroneous GoDaddy 2FA Message

I have two factor authentication enabled on my GoDaddy accounts, in addition to added layers of security. Whenever I log into one of my accounts, I receive a text message with a security code. This happens both when I login to GoDaddy online and when I call in to speak with a representative.

The other day, I received a two step verification code text message from GoDaddy, despite being away from my office. Concerned that someone had managed to breach my account password, I called my account executive and asked him what triggered the text message. It turns out, my account security was never compromised. Another customer must have called in and and given the customer service representative a domain name my company owns. GoDaddy sent out the 2FA code to verify his identity, and it came to me since the domain name is mine. This prevented the caller from gaining access to my account.

I would imagine this may have had something to do with a domain name I won on GoDaddy Auctions just prior to the incident. The person probably didn’t realize he no longer owned the domain name and he was concerned when he saw the domain name being used by someone else. He called into GoDaddy, and when they asked for the domain name or account number, he told them a domain name that my company now owns.

Having two factor authentication enabled is a smart move. Most domain registrars offer this for free in one form or another. When it comes to GoDaddy, sometimes customers may receive these notifications without their own prompting. I wanted to share one scenario that might trigger this text message erroneously.

Elliot Silver
Elliot Silver
About The Author: Elliot Silver is an Internet entrepreneur and publisher of DomainInvesting.com. Elliot is also the founder and President of Top Notch Domains, LLC, a company that has closed eight figures in deals. Please read the DomainInvesting.com Terms of Use page for additional information about the publisher, website comment policy, disclosures, and conflicts of interest. Reach out to Elliot: Twitter | Facebook | LinkedIn

3 COMMENTS

  1. The way I understand it is that they only ask for the 2FA code after the pin or last 8 has been validated. I could be wrong but I think it’s worth paying attention to.

  2. What is stated in the article is correct. A 2fa can be sent without the other half of the login credentials being used and it is very likely that the old domain owner called in and was trying to access the domain he thought he still owned.
    You cannot gain access to an account without both halves of the login credentials, the code and the password , PIN, or CC info.

    • @Joe does this also apply to 2FA codes generated by Google Authenticator or Authy? If not, how is account security maintained over call, say in the situation Elliot was in?

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Recent Posts

Handoff to Dan on Imported Leads Can be Confusing

0
I've been using the lead import option at Dan.com more regularly. Although the 5% commission is not ideal, transactions tend to move more quickly...

ArtificialIntelligence.com Goes Up for Sale

8
I tried to buy the ArtificialIntelligence.com domain name multiple times over the last 10 years. The emails I sent to the registrant went unanswered,...

EU Gives More IP Protection to Food & Drink Producers

0
Did you know that some well-known food and drink varieties are protected intellectual property regulations? Popular types of drinks and foods that are protected...

Price Testing

1
In 2022, my wife and I decided our kids were ready for some big mountain skiing and we planned a trip to the Rocky...

GoDaddy Making You Sign in to See What You Renewed (Updated)

3
This morning, I noticed something different in a domain name renewal email from GoDaddy. Instead of telling me exactly what domain names I renewed...