Afternic Should Offer 2FA

Domain name theft is a big issue for domain investors. I strongly recommend that investors and other domain registrants enable 2 factor authentication (2FA) on their domain registrar accounts to help secure them. Most domain registrars offer at least one form of 2FA, and several offer multiple forms of 2FA, including text message, authentication app, key fob, Yubikey, among others.

GoDaddy allows its customers to choose a variety of security options to secure their accounts. Not only can a domain investor have Google Authenticator or use a YubiKey at GoDaddy for 2FA, but investors can also utilize DTVS (Domain Transfer Validation Service), which is a phone call from GoDaddy to confirm and approve a domain name transfer or account change.

While these security features are helpful, I think a security enhancement is necessary at Afternic, a domain name sales platform that is owned and operated by GoDaddy. Investors would like to know when we can expect to have the option to add 2FA at Afternic:

When an investor lists a domain name for sale at Afternic and it is registered at a registrar that is part of GoDaddy’s Fast Transfer network, it will automatically transfer to the buyer when sold. This is a great program that makes it pretty seamless to sell domain names.

Because Afternic does not offer 2FA for customers, I think there is the potential for security issues.

I would imagine there are Afternic customers who don’t have the best security practices. Perhaps their Afternic password is reused on multiple sites or is not really secure (like Afternic123 or Password123). If someone gains access to the account, either because the password was compromised on another website or the password is easy to guess, a domain name price can be changed without notifying the registrant. Instead of having a name listed for $80,000, someone could change the price to $2,000 without detection. They could then buy the name at a partner registrar, pay, and have the domain name transferred automatically. The domain registrant would only find out the domain name was sold for much less than it had been listed when they receive the Afternic Transaction Assurance sale email.

While the likelihood of someone exploiting this opportunity is relatively low given the fact that I have not heard anyone complain about this happening, that doesn’t mean it will not happen in the future. It would be a shame if this is exploited and 2FA is implemented in a reactionary manner. Why should someone have to go through the trouble of disputing a sale that happened as a result of this when 2FA can help reduce much of the risk here?

This is not a new request, as Michael Summner wrote an article outlining the issue in September of 2018. GoDaddy still sends authorization emails that can be confusing.

I think GoDaddy needs to offer 2FA at Afternic. It doesn’t make sense not to do this. From my perspective, it’s almost like having a home with a strong deadbolt lock on a steel front door, but the side door is just a hollow slab door with a push lock that can be accessed fairly easily.

Elliot Silver
Elliot Silver
About The Author: Elliot Silver is an Internet entrepreneur and publisher of Elliot is also the founder and President of Top Notch Domains, LLC, a company that has closed eight figures in deals. Please read the Terms of Use page for additional information about the publisher, website comment policy, disclosures, and conflicts of interest. Reach out to Elliot: Twitter | Facebook | LinkedIn


  1. GoDaddy is just a small company with a handful of employees. Surely they lack the resources. Maybe they can hire Bob Parsons to do it for a few bucks.

  2. I wish any one from Afternic read all of these.

    Because we told Afternic all of these last a few years many times…. They dont care, seriously, they dont care.

    A few days ago, AbdulBasit Makrani wrote same things as suggestions….

    All domainers agree with these suggesstions, so what they are waiting for? Stealing valuable asssets from Afternic? Afternic waiting for this?


Please enter your comment!
Please enter your name here

Recent Posts

Fred Hsu Offers Tips on Domain Name Security

According to Coin Telegraph, there has reportedly been a security incident involving domain names at Squarespace. "Multiple decentralized finance (DeFi) apps were targeted in...

Registrar Where My Last 10 Afternic Sales Landed

After I sell a domain name, I don't pay much attention to it. Occasionally, I will look to see how it is being used,...

DomainLeads Integrated into Email

One of the paid tools I use daily is the email alerts. I created 3 alert emails with different parameters, and each morning,...

Sedo Reports Record Breaking .Game Sale

As of this morning, the largest domain name sale in the .Game extension recorded by Namebio was the $40,888 sale of A.Game. That domain...

When the Best Prospect Goes Under

It feels pretty good when a startup founder wants to buy your domain name. I know the domain name can probably incrementally help the...