What is a one-time password?
A one-time password, or OTP, might be used to verify your identity on domains with Domain Protection when completing certain domain actions.
Select a question to see its answer:
- What is a one-time password?
- What is identity verification?
- How does a one-time password work?
- When will I get a one-time password?
- Where will the one-time password be sent?
- What if I'm not receiving my one-time password?
- Are there any one-time password limitations?
What is a one-time password?
A one-time password is a speficic authentication code sent to you when completing certain actions on domains with Domain Protection. This unique code lets us verify your identity and helps protect your domains from unauthorized actions, such as transferring a domain, turning off Domain Privacy, or making DNS edits. Accounts with 2-step verification (2SV) turned on won't get a one-time password for identity verification.
What is identity verification?
Identity verification is an additional security measure we use on domains with Domain Protection added to make sure only authorized users can complete certain domain actions. You may have heard of 2-step verification or multi-factor authentication when logging into different accounts online. Identity verification uses that same concept of a secondary verification method to protect your domains and make sure you're an authorized user in the account. The additional identity verification on your domains helps protect your business and brand from unauthorized or malicious actions.
How does a one-time password work?
When completing certain actions on domains with Domain Protection, you'll be asked to enter a verification code. We'll automatically send a one-time password to the registrant email address on your domain (in some cases, you may need to select Send Password to manually send the one-time password). Enter that code in the verification window to confirm your identity and complete the action on your domain. If you've had 2-step verification (2SV) turned on for at least 24 hours, you won't use a one-time password to complete identity verification.
When will I get a one-time password?
You'll receive a one-time password when completing certain domain actions, such as transferring, forwarding or changing nameservers. Remember, if you've had 2-step verification set up for at least 24 hours, you won't use a one-time password for identity verification.
These domain actions are considered high-risk and will prompt for identity verification.
- Delete a domain
- Turn off auto-renew
- Downgrade or remove Domain Protection
- Turn off Domain Privacy
- Change domain contact info
- Only applies when changing the first name, last name, organization or email address of the registrant contact info.
- Add to CashParking
- Unlock a domain
- Export domain list with authorization codes
- Transfer domain to another registrar (away from GoDaddy)
- Transfer domain to another GoDaddy account
- List a domain for sale via List for Sale
- Change nameservers
- Add, edit, or delete DNS records
- Add, edit, or delete domain or subdomain forwarding
- Import DNS zone file
- Edit custom hostnames
Where will the one-time password be sent?
We'll send the one-time password to the registrant email address listed on your domain name. You can view your domain contact info, including the registrant email address, in your GoDaddy account and make any necessary updates.
What if I'm not receiving my one-time password?
If you're not receiving your one-time password to the registrant email address on your domain, there are a few things you can do to troubleshoot.
- Verify you're checking the correct email: Review your current domain contact details and make sure we have the best registrant email address listed on your domain. If you need to change the registrant email address, you can set up 2-step verification (2SV) and then make the email update 24 hours later.
- Check your spam and junk folders: Sometimes one-time password emails can get filtered to your spam or junk folders. Take a quick look at those folders to locate the emails, and mark the message as not spam to avoid the filtering from happening again.
- Wait for the email to arrive: While it doesn't happen often, there are instances where the one-time password email might be delayed. You should receive the email within 5-10 minutes in most cases.
- Use 2-step verification instead: Set up 2-step verification to receive a one-time code at your mobile number via SMS, or choose to use an authenticator app instead. We recommend using an authenticator app for greater reliability and security for the codes. It take 24 hours for 2-step verification to be activated after it's been set up.
If none of these troubleshooting steps get you to your one-time password, our GoDaddy Guides are always here to help.
Are there any one-time password limitations?
Yes, there are a few limitations when using one-time passwords.
- Your one-time password is only valid for 60 minutes after it's been requested.
- A maximum of 5 one-time passwords can be sent in a 7-day period per action, per domain.
- Example: You changed nameservers on your domain Monday and used a one-time password to complete identity verification. Then you changed nameservers on the same domain 4 more times on Thursday and each time used another one-time password. You'll now be locked out of changing nameservers on that domain until Sunday.
Note: You can still complete other actions on this domain and you can complete actions on other domains, too. - If you enter an incorrect one-time password 3 times, you'll be locked out of that action on that domain for 24 hours.
Related step
- Keep your domains secure by upgrading your Domain Protection plan.
- Update the contact info on your domains to keep everything accurate.
More info
- Use 2-step verification to protect your entire GoDaddy account.
- Turn on auto-renew to continue your domain registration uninterrupted.