cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Go to solution
Highlighted

2-step verification for support access?

Why would support (on the phone or via chat) ask me for my temporary 2-step verification code instead of just asking for my pin code? Banks don't even do that. Isn't this a big no-no if you want to protect yourself from being phished??

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Community Manager
Community Manager
Solution

Re: 2-step verification for support access?

Thanks for your feedback @apr10pas. I suppose there is an assumption that if you are calling the support team, you can trust that you are speaking to us and shouldn't need to be concerned about providing the code. I applaud that you take your account security seriously though. I will pass on your feedback appropriately. Sorry for any confusion.

 

JesseW - GoDaddy | Community Manager | 24/7 support available at x.co/247support | Remember to choose a solution and give kudos.

View solution in original post

3 REPLIES 3
Highlighted
Community Manager
Community Manager

Re: 2-step verification for support access?

Hi @apr10pas. Thanks for posting. Our customer care team has the ability to update account information on behalf of customers. Because of this, we need to validate access to the account in the same way that we would validate someone who is logging in. If someone other than the account holder were to call in with the PIN and we didn't ask them for the two-step verificaiton code, they could ask for information to be updated and the account owner could get locked out of the account. I hope that helps. 

 

JesseW - GoDaddy | Community Manager | 24/7 support available at x.co/247support | Remember to choose a solution and give kudos.
Highlighted

Re: 2-step verification for support access?

But to my knowledge this is not or very sparsely documented. I even asked about it on the chat and the support agent was unable to direct me to a help page that confirmed the approach you describe

 

When I look at my profile settings it is obvious there is such a thing as a Support PIN. But nothing is mentioned about having to provide a temporary 2-step code when that type of verification is turned on. If it is in the documentation it should be made more accessible. IMO it should be clear from the profile settings page as well.

 

The only thing the support agents (one on the phone, one on the chat) could say ways "hey, that's the way it works at godaddy" To me that sounds like "we use 2-step verification for support transactions as well although everywhere else in the world sharing temporary codes is considered harmful for your privacy and security" 

 

FYI: I was triggered to call support because of mail I received today from godaddy which - as far as I know - contains incorrect information. It said the services linked to one of my domains had been disabled (e.g.), which as of now I cannot confirm. Everything seems operational still. So my first thought was a phishing attempt, although the email seemed legit (it was). But then the CSO asked me for my 2-step code sent to me via SMS. This made me feel very anxious. 

 

The two CSO's were unable to convince me that it was OK to provide them with said codes.

Highlighted
Community Manager
Community Manager
Solution

Re: 2-step verification for support access?

Thanks for your feedback @apr10pas. I suppose there is an assumption that if you are calling the support team, you can trust that you are speaking to us and shouldn't need to be concerned about providing the code. I applaud that you take your account security seriously though. I will pass on your feedback appropriately. Sorry for any confusion.

 

JesseW - GoDaddy | Community Manager | 24/7 support available at x.co/247support | Remember to choose a solution and give kudos.

View solution in original post