Here’s how to add security to your Afternic account.
One of the bigger security risks in the domain aftermarket has been the lack of two-factor authentication for Afternic accounts. If someone hacks into your Afternic account, they can decrease the price of a domain and then buy it through a registrar partner at the lower price.
Afternic has updated its login platform and there are two options now that resolve this. One is to sign in with GoDaddy, which I recommend to anyone creating a new account. GoDaddy has offered two-factor for a long time. The other is to continue using a unique Afternic login and add two-factor authentication.
To set up two-factor authentication on Afternic, log into your account and select “Account” in the left-hand panel and then “Account Details”. Scroll down to “Security” and select “2-step verification”.
You can then set up 2-step verification using an authenticator app such as Google Authenticator, SMS text messages, or a physical security key. For some reason, Afternic suggests the Authenticator app rather than the more secure physical key, but I suspect this is because the physical key would confuse people who aren’t familiar with the option. A physical key also doesn’t allow for authentication if you call support.
I recommend against SMS-based authentication, but it’s better than nothing.
Paul A. says
US phone numbers are allowed only to get sms, not seeing any option for other countries.
Sent an email to Support and Services team of Afternic with proof, hope they will fix the issue soon.
Andrew Allemann says
Are you saying that non-US customer’s can’t get SMS two factor? If that’s the case, they can use one of the other two methods, which are much more secure.
Paul A. says
I agree.But if anyone wants to opt for mobile option, they will face the problem.
They must come with error free process.
I know they have launched today and hope they will solve this issue soon.
Andrew Allemann says
You can use an authenticator app while on mobile. You can also use some security keys, but its’ definitely harder.
Squarely says
“I recommend against SMS-based authentication, but it’s better than nothing”
what your reason(s) ???
Andrew Allemann says
https://krebsonsecurity.com/2021/03/can-we-stop-pretending-sms-is-secure-now/
Paul A. says
Yes
James A. says
As much as I give Godaddy/Afternic a hard time and as much as I dislike them as a company. I have to give them credit for supporting security keys which IMO are simultaneously the most secure and most convenient method. No fumbling around with codes. I wish more companies who have 2FA supported security keys…I’m especially thinking of Dan who also this year rolled out 2FA.