cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted

Re: verification code via SMS

I keep getting these notifications from people trying to access my account over the phone. They do not need your password they can just hit this route up and get full access. Our information is protected but it scares the crap out of us. 

 

I've had 2 unidentified calls from this route. Godaddy does absolutely nothing at all on the phone and keeps chalking it up to accidental account access attempts. 

It would be great if they logged certain things more openly. Why can't you relay information about failed attempts.  

Also this person below managed to hack past two step verification. You might want to step up the code a couple more digits!

https:// medium.com /@yenthanh/how-did-i-hack-godaddy-2-step-authentication-of-my-own-account-7be 78...

 

 

1 REPLY 1
Moderator
Moderator

Re: verification code via SMS

Hi @CoverClubMedia,

 

Welcome to the Community! Thank you for your feedback on the security of your account. Fortunately, with due diligence by our customers, taking responsibility for the safety of their account, very few GoDaddy accounts are breached. The main reason is the inadvertent sharing of information (usually by the account holder, or preventable phishing attempts), hacked emails for password resets, and stagnant security choices are the main culprits. 

 

When a customer calls for support, the agent will ask the caller to identify an account and provide the PIN or credit card digits. If these are common (easily determined numbers), or once shared, the other party will gain access to your account. When 2-Factor Authentication has been added to your account, unauthorized access is very rare. If you receive SMS alerts with this access number on your mobile device, and are not logging in at the time, you can rest easy knowing it was not received by the party attempting access to your account. They will not be allowed access online or through the agent.

 

There are a number of actions you can take to prevent unauthorized access.

> Do not share any account information with another party, including web-developers (to whom you can provide ftp or delegate access instead)

> Be in the practice of updating your password and PIN on a regular basis.

> If you had shared the account with another party that should no longer have access (such as an ex-employee), update any necessary account information and security features.  

 

We hope this helps you in preventing unwanted access. GoDaddy provides a number of tools and actions to help you with this goal.

 

 

 

 

 

 

TLH - GoDaddy | Community Moderator
Supporting you at x.co/247support