GoDaddy : Still haven’t enabled two-factor authentication?


Two-factor authentication at GoDaddy.

With GoDaddy now offering two-factor authentication worldwide, there is no excuse not to enable it.

Domains can be stolen using the usual phishing technique, or via social engineering.

Just in case you need additional motivation, here’s some food for thought.

Yesterday, a domain investor lost control of three valuable dictionary domains –, and – after he fell prey to a phishing attack.

Without two-factor authentication enabled, the perpetrator gained access to his account.

After reporting the incident, GoDaddy locked down the domains, making them impossible to be transferred out, but not before the thief had moved them to a new account with fake WHOIS info.

For the record, the email used by the thief was – a purely random string, apparently used in order to avoid detection.

Many thanks to Joe Styler of GoDaddy for handling this case as an emergency; the domains are back in the possession of their owner after less than 24 hours.


Copyright © 2022 · All Rights Reserved.


7 Responses to “GoDaddy : Still haven’t enabled two-factor authentication?”
  1. Domain Observer says:

    I don’t know about Godaddy. But, I hear from some people using other registrars’ 2 factor authentication apps say that they lost access to their accounts because of the app’s mis-operation issue, mainly sync problem. I guess that’s why some people are afraid of using the 2 FA apps.

  2. DomainGang says:

    DO – Never heard of that issue before. Plus you can print out backup codes. GoDaddy is using SMS for now.

  3. Domain Observer says:

    A lot of issues suffered by domain holders are not floating on the surface. But, the reality is that there exist weak people (domain holders) suffering from giants'(registrars) wrong-doings and those wrong-doings are not simply reported by the mass media who tend to be sponsored sponsored by the giants. I am glad that Godaddy is using SMS for their 2 FA. I hope they will continue to use SMS. If the SMS incurs cost, I am willing to pay for that.

  4. DomainGang says:

    DO – Personally I prefer the app but each to their own. Keep your domains safe by enabling two-way authentication. And don’t click on email links asking you to do so, always visit the registrar directly.

  5. Domain Observer says:

    Thanks for your advice. I will do that. One more comment. What is taken for granted by Americans in the USA may/can/will not be taken for granted in other countries. For one example, a native American will not ask him/herself why he/she speaks English language so fluently. That’s because it’s taken for granted. But to a person in countries like China, Japan and Korea, speaking English fluently cannot be taken for granted as he/she has to spend unbelievable/unimaginable/phenomenal amount of time, energy and money on learning English. Still, their English fluency is mostly far from satisfactory. Likewise, what is perfectly ok in the USA may not be ok in other parts of the world. So, if somebody wants to do business with people around the world, he/she should not limit their perception of situation to USA only. Thanks.

  6. Hire Domains says:

    Boy oh boy, dynadot’s is just crazy and did not work for me, I did ask them to do a screencast and put it on YouTube, I don’t think they have yet though? Joe is a good guy

  7. Matt says:

    Dynadot needs to integrate their 2FA upon login. Right now they do it when you try to transfer a domain out, etc. However, someone can still login and change name servers, update other details, and so forth. Not ideal. Hopefully they update it.

Leave a Reply

Your email address will not be published.

 characters available