Why You Might Get an Erroneous GoDaddy 2FA Message

I have two factor authentication enabled on my GoDaddy accounts, in addition to added layers of security. Whenever I log into one of my accounts, I receive a text message with a security code. This happens both when I login to GoDaddy online and when I call in to speak with a representative.

The other day, I received a two step verification code text message from GoDaddy, despite being away from my office. Concerned that someone had managed to breach my account password, I called my account executive and asked him what triggered the text message. It turns out, my account security was never compromised. Another customer must have called in and and given the customer service representative a domain name my company owns. GoDaddy sent out the 2FA code to verify his identity, and it came to me since the domain name is mine. This prevented the caller from gaining access to my account.

I would imagine this may have had something to do with a domain name I won on GoDaddy Auctions just prior to the incident. The person probably didn’t realize he no longer owned the domain name and he was concerned when he saw the domain name being used by someone else. He called into GoDaddy, and when they asked for the domain name or account number, he told them a domain name that my company now owns.

Having two factor authentication enabled is a smart move. Most domain registrars offer this for free in one form or another. When it comes to GoDaddy, sometimes customers may receive these notifications without their own prompting. I wanted to share one scenario that might trigger this text message erroneously.

Elliot Silver
Elliot Silver
About The Author: Elliot Silver is an Internet entrepreneur and publisher of DomainInvesting.com. Elliot is also the founder and President of Top Notch Domains, LLC, a company that has closed eight figures in deals. Please read the DomainInvesting.com Terms of Use page for additional information about the publisher, website comment policy, disclosures, and conflicts of interest. Reach out to Elliot: Twitter | Facebook | LinkedIn


  1. The way I understand it is that they only ask for the 2FA code after the pin or last 8 has been validated. I could be wrong but I think it’s worth paying attention to.

  2. What is stated in the article is correct. A 2fa can be sent without the other half of the login credentials being used and it is very likely that the old domain owner called in and was trying to access the domain he thought he still owned.
    You cannot gain access to an account without both halves of the login credentials, the code and the password , PIN, or CC info.

    • @Joe does this also apply to 2FA codes generated by Google Authenticator or Authy? If not, how is account security maintained over call, say in the situation Elliot was in?

Leave a Reply

Recent Posts

Trademarkia Hiring Lead Developer for Domain Registrar Integration

Trademarkia is a website I use occasionally to perform trademark-related searches. This morning, I noticed a job listing the company posted on LinkedIn that...

SquadHelp Ultra Premium Marketplace Goes Live

🎉 It's here! The Ultra-Premium Marketplace is live We've partnered with @HilcoDigital to curate an incredible collection of domains. More additions coming soon! 🌟 Check it...

ROTD Auction Web3 Domain Names

According to a press release I received a moment ago, Right of the Dot is auctioning "Web3" domain names in partnership with Unstoppable Domains....

Sage.ai Dispute Gives Guidance on Common One Word Domains

The latest #UDRP Digest (Vol 3.37) is out now! Read about some interesting cases including #sage.ai, #stable.com, #extenso.org and more, with commentary from @dnattorney...

BuyDomains Discontinues Sharing Domain Name Sales

BuyDomains owns and operates a very large domain name portfolio consisting of hundreds of thousands of domain names - possibly millions. Many of the...