New security option available to customers with a U.S. mobile phone number.
GoDaddy.com has added two factor authentication capabilities for U.S. customers. The feature appears to have been added within the past couple days.
The added security layer, also known as two step authentication, means that someone who gets control of your username and password will be unable to log in to your account. In addition to the usual login credentials, Go Daddy will send a one time passcode to your mobile phone that will be required for account access every time you log in.
The new feature is available within the “account settings” tab under “Account Security Settings”.
I just completed the two factor sign up process and it took about one minute to complete.
While two factor authentication does add a slight inconvenience each time you log in, it sure beats having someone steal one of your domains or change a nameserver on one of your key web sites.
Some other domain registrars already offer two factor authentication. Go Daddy’s service is noteworthy because it’s the biggest domain registrar so this will potentially protect a large number of domain names.
Mike Flynn says
I would certainly enable this feature whenever it reaches UK. I’ve never sat comfortably with the idea that just a username and password is all there is between a crook and my domains and websites. Would also be a positive factor when considering renewals.
Mike says
That’s a great step, but if you are a serious domain buyer you would never use this unless you rarely need access to your account.
I probably log in 15 or 20 + times a day since the system logs me out after something like 15 minutes of inactivity. It would literally drive me batty to have to add another layer.
What about when you are running late to an TDNAM auction and have to wait for a code? That won’t work either. A few seconds and you can miss some auctions.
I commend them for moving in the right direction. This is needed.
.
Andrew Allemann says
@ Mike – good point. I don’t log in more than once a day. If I were active with auctions this would be frustrating. I wonder if they could make it one factor to get in to limited account functionality and two factor for more sensitive areas of the account.
I also like Gmail’s two factor Android app. Instead of getting a text message with a code, you just open an app and it provides the code.
Harold says
It’s nice to see that leading companies in their respective verticals are giving users the perfect balance between security and user experience by implementing 2FA which allows us to telesign into our accounts. I know some will claim this make things more complicated, but the slight inconvenience each time you log in is worth the confidence of knowing your site(s) are secure. I’m hoping that more companies start to offer this awesome functionality. This should be a prerequisite to any system that wants to promote itself as being secure.
Andrew Allemann says
@ Harold — and the nice thing is it gives you a choice.
Zach says
A smart phone app just like the Google Authenticator will serve international users and it doesn’t have carrier costs.
AP says
bad implementation. look how google/dropbox/lastpass did it: you only need to double-authenticate once a month (per computer) and you can use authenticator phone app all over the world.
Andrew Allemann says
@ AP – It’s not a “bad” implementation, it just needs a couple more features. Google gives you the option of authenticating for 30 days at a time. On my laptop I never check that option b/c a laptop is more likely to be stolen.
AbdulBasit Makrani says
I wonder when they will offer two factor authentication in Pakistan!
Rehman says
Namecheap brought it late in Oct2013 but brought it for all the countries. SMS and Call based. GoDaddy losers…