Why You Might Get an Erroneous GoDaddy 2FA Message

I have two factor authentication enabled on my GoDaddy accounts, in addition to added layers of security. Whenever I log into one of my accounts, I receive a text message with a security code. This happens both when I log in to GoDaddy online and when I call in to speak with a representative.

The other day, I received a two step verification code text message from GoDaddy, despite being away from my office. Concerned that someone had managed to breach my account password, I called my account executive and asked him what triggered the text message. It turns out, my account security was never compromised. Another customer must have called in and given the customer service representative a domain name my company owns. GoDaddy sent out the 2FA code to verify his identity, and it came to me since the domain name is mine. This prevented the caller from gaining access to my account.

I would imagine this may have had something to do with a domain name I won on GoDaddy Auctions just prior to the incident. The person probably didn’t realize he no longer owned the domain name and he was concerned when he saw the domain name being used by someone else. He called in to GoDaddy, and when they asked for the domain name or account number, he told them a domain name that my company now owns.

Having two factor authentication enabled is a smart move. Most domain registrars offer this for free in one form or another. When it comes to GoDaddy, sometimes customers may receive these notifications without their own prompting. I wanted to share one scenario that might trigger this text message erroneously.

Elliot Silver
About The Author: Elliot Silver is an Internet entrepreneur and publisher of DomainInvesting.com. Elliot is also the founder and President of Top Notch Domains, LLC, a company that has closed eight figures in deals. Please read the DomainInvesting.com Terms of Use page for additional information about the publisher, website comment policy, disclosures, and conflicts of interest.


  1. The way I understand it is that they only ask for the 2FA code after the pin or last 8 has been validated. I could be wrong but I think it’s worth paying attention to.

  2. What is stated in the article is correct. A 2FA can be sent without the other half of the login credentials being used and it is very likely that the old domain owner called in and was trying to access the domain he thought he still owned.
    You cannot gain access to an account without both halves of the login credentials, the code and the password, PIN, or CC info.

    • @Joe does this also apply to 2FA codes generated by Google Authenticator or Authy? If not, how is account security maintained over a call, say in the situation Elliot was in?

