Why You Might Get an Erroneous GoDaddy 2FA Message

I have two-factor authentication enabled on my GoDaddy accounts, in addition to added layers of security. Whenever I log into one of my accounts, I receive a text message with a security code. This happens both when I log in to GoDaddy online and when I call in to speak with a representative.

The other day, I received a two-step verification code text message from GoDaddy, despite being away from my office. Concerned that someone had managed to breach my account password, I called my account executive and asked him what triggered the text message. It turns out, my account security was never compromised. Another customer must have called in and given the customer service representative a domain name my company owns. GoDaddy sent out the 2FA code to verify his identity, and it came to me since the domain name is mine. This prevented the caller from gaining access to my account.

I would imagine this may have had something to do with a domain name I won on GoDaddy Auctions just prior to the incident. The person probably didn’t realize he no longer owned the domain name and he was concerned when he saw the domain name being used by someone else. He called into GoDaddy, and when they asked for the domain name or account number, he told them a domain name that my company now owns.

Having two factor authentication enabled is a smart move. Most domain registrars offer this for free in one form or another. When it comes to GoDaddy, sometimes customers may receive these notifications without their own prompting. I wanted to share one scenario that might trigger this text message erroneously.

Elliot Silver
About The Author: Elliot Silver is an Internet entrepreneur and publisher of DomainInvesting.com. Elliot is also the founder and President of Top Notch Domains, LLC, a company that has closed eight figures in deals.


  1. The way I understand it is that they only ask for the 2FA code after the pin or last 8 has been validated. I could be wrong but I think it’s worth paying attention to.

  2. What is stated in the article is correct. A 2FA can be sent without the other half of the login credentials being used and it is very likely that the old domain owner called in and was trying to access the domain he thought he still owned.
    You cannot gain access to an account without both halves of the login credentials, the code and the password, PIN, or CC info.

    • @Joe does this also apply to 2FA codes generated by Google Authenticator or Authy? If not, how is account security maintained over a call, say in the situation Elliot was in?
