Skip to main content
Help Center
The GoDaddy Community will undergo maintenance starting on Tuesday, August 3rd at 3pm PST / 6pm EST. Learn more
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Go to solution
apr10pas
New

2-step verification for support access?

Why would support (on the phone or via chat) ask me for my temporary 2-step verification code instead of just asking for my pin code? Banks don't even do that. Isn't this a big no-no if you want to protect yourself from being phished??

1 ACCEPTED SOLUTION
JesseW
Community Manager

Thanks for your feedback @apr10pas. I suppose there is an assumption that if you are calling the support team, you can trust that you are speaking to us and shouldn't need to be concerned about providing the code. I applaud that you take your account security seriously though. I will pass on your feedback appropriately. Sorry for any confusion.

 

JesseW - GoDaddy | Community Manager | 24/7 support available at x.co/247support | Remember to choose a solution and give likes.

View solution in original post

3 REPLIES 3
JesseW
Community Manager

Hi @apr10pas. Thanks for posting. Our customer care team has the ability to update account information on behalf of customers. Because of this, we need to validate access to the account in the same way that we would validate someone who is logging in. If someone other than the account holder were to call in with the PIN and we didn't ask them for the two-step verificaiton code, they could ask for information to be updated and the account owner could get locked out of the account. I hope that helps. 

 

JesseW - GoDaddy | Community Manager | 24/7 support available at x.co/247support | Remember to choose a solution and give likes.

But to my knowledge this is not or very sparsely documented. I even asked about it on the chat and the support agent was unable to direct me to a help page that confirmed the approach you describe

 

When I look at my profile settings it is obvious there is such a thing as a Support PIN. But nothing is mentioned about having to provide a temporary 2-step code when that type of verification is turned on. If it is in the documentation it should be made more accessible. IMO it should be clear from the profile settings page as well.

 

The only thing the support agents (one on the phone, one on the chat) could say ways "hey, that's the way it works at godaddy" To me that sounds like "we use 2-step verification for support transactions as well although everywhere else in the world sharing temporary codes is considered harmful for your privacy and security" 

 

FYI: I was triggered to call support because of mail I received today from godaddy which - as far as I know - contains incorrect information. It said the services linked to one of my domains had been disabled (e.g.), which as of now I cannot confirm. Everything seems operational still. So my first thought was a phishing attempt, although the email seemed legit (it was). But then the CSO asked me for my 2-step code sent to me via SMS. This made me feel very anxious. 

 

The two CSO's were unable to convince me that it was OK to provide them with said codes.

JesseW
Community Manager

Thanks for your feedback @apr10pas. I suppose there is an assumption that if you are calling the support team, you can trust that you are speaking to us and shouldn't need to be concerned about providing the code. I applaud that you take your account security seriously though. I will pass on your feedback appropriately. Sorry for any confusion.

 

JesseW - GoDaddy | Community Manager | 24/7 support available at x.co/247support | Remember to choose a solution and give likes.

View solution in original post