I think having 2 factor authentication (2FA) enabled on domain registrar accounts is of utmost importance at those registrars that offer it. Some registrars use Google Authenticator, others utilize a separate security fob of some sort, and others use text message alerts.
GoDaddy just updated its 2 factor authentication system, and I think it is important for domain investors who use GoDaddy to know about what changed and how it changed. In a thread on NamePros, Joe Styler, the Aftermarket Product Manager at GoDaddy, mentioned that GoDaddy made some updates to its 2FA security. I reached out to Joe, and he shared some additional information and insight about the updates, what prompted them, and how these changes will impact customers.
Here’s what Joe told me:
The big difference is that we added support for more than just text messages to your phone. This was through direct feedback from customers, especially those who are not based in the U.S. They wanted a way they could get added security on their account but still have access on demand. With text messages sometimes they can be blocked, or not work correctly when roaming or traveling, etc. If someone was in the middle of a domain sale they wanted quick secure access so we started asking what would help no matter where you were and most people wanted a way to authenticate via an app such as Google authenticator. We also wanted to provide a way for customers to add a backup way to access their account that was still secure in case they forgot their phone or changed carriers and numbers etc. We added the ability to add a backup authentication method with the new release which lets you add an additional phone number or use an app in addition to your phone number in order to make sure you still have easy access to your account in case of a problem. If you want to add this backup authentication method you can do so in your account settings. You can use this same link to set up 2FA if you do not have it setup already.
We also added the ability to narrow down what you want to have prompt you for 2FA on your account. You can choose to lock the whole account down so that every time you login you are prompted for the 2FA code or you can choose to only lock down the most sensitive areas of your account with 2FA such as changes to the password on the account or the main account PIN. You can make that choice at any time in the security settings in your account where you set up the 2FA.
Personally I use it on my own account and think it is important to use no matter how many or what type of domains you have. You may think only very valuable names can be taken from an account but if you have a small business or an email address using one of your domains, losing it would be very problematic. I believe GoDaddy to be very secure but in our connected day and age it is a real possibility that something can happen such as falling for a phishing attempt, an external email provider you use being hacked, or surfing on a public wifi network etc. In light of all these possibilities it is a best practice to set up an extra layer of security. With the ability to add a backup and an app as well as a phone number there really is no excuse not to secure your domains. If you want more information on how to set it up or how it works you can check out our help article on it here.