GoDaddy is now offering its clients the ability to log in to their account with YubiKey as a form of two factor authentication, according to Paul Nicks, Vice President and GM of GoDaddy’s Aftermarket. Previously, customers with 2FA on their accounts could only choose SMS or Google Authenticator for 2FA.
YubiKey has become a popular form of 2FA that does not rely on a customer’s mobile phone. For those who aren’t familiar with YubiKey, this Wired article explains how YubiKey works and the benefits it offers.
According to the YubiKey website, companies such as Google, Facebook, GitHub, Salesforce.com, Dropbox, and many others allow customers to login using YubiKeys. I believe some password managers also allow customers to use YubiKey for 2FA. Customers who already use YubiKey for two factor authentication on other websites can set it up on their GoDaddy account.
The idea for enabling YubiKey 2FA at GoDaddy was borne from the company’s annual TechFest hackathon. One of GoDaddy’s security engineers reached out to a contact at YubiCo, and they developed this alternative secure log-in functionality.
For those attending NamesCon, Paul Nicks will be handing out GoDaddy-branded YubiKeys at no cost to GoDaddy customers who answer a few security survey questions. For those who are not attending NamesCon, YubiKeys can be purchased directly from YubiCo, Amazon, or your favorite tech retailer that carries the product line for approximately $20. GoDaddy has a landing page that explains how to set up and activate a YubiKey.
GoDaddy’s optional enhanced DTVS security functionality will not change with the usage of a YubiKey. Customers who have DTVS enabled will still need to verbally approve any account changes or outbound domain name transfers. The YubiKey is simply an alternative secure 2 factor authentication option for customers.
I use 2FA on my GoDaddy accounts and have DTVS enabled, but I plan to try YubiKey.