Dynadot refusing to unlock account, what are my options? ...

[tripflex]

Going to try and keep this short and sweet. I started a hosting company back in 2009, was just me and eventually grew in size. I ended up having to start hiring people and one of them that was with us for a short while I had setup an account with Dynadot to start catching auction domains.

Long story short, he left the company a month or so later, and now about 2 years later I go into the account to try and transfer one of the domains, and am unable to unlock the account.

Dynadot required birthday to unlock and if you don't have that you need the security question. I don't have the guys birthday and every attempt to contact him has failed.

Few things to note:

• All domains under account were purchase with MY business credit card with MY name on it
• The email on the account has been setup to forward to my email
• The address on the account is my company address
• The phone number on the account is company phone number

Contacted Dynadot multiple times and they basically refuse to unlock the account unless I get them a photo ID showing his name or provide the security question answer. I've asked them to just review the invoices and they will see it's my name on the credit card, asked to verify via sending a letter to address, or even call to verify, but they refuse to do any of that to verify the account.

So now i'm left with what options I have available to handle this. My first thought was just to get a lawyer involved, but that could end up costing a good chunk of change and I want to try and keep the cost down as much as possible.

The only other option I could think of was to let the domains expire and try and catch them in the Dyandot auction, or if the price ends up going crazy out of control in the auction, just renew the domain.

Does anybody have any suggestions or thoughts regarding this? I've exhausted every option I can think of to prove to them it's my account but have not gotten anywhere.

If I do let the domains go into auction and expire, say I end up not catching one of them because someone snipes the bidding and gets it .... technically I could still renew it, right? As long as it's within redemption period?

Thanks guys!!

 

[carob]

Many partnerships go sour too...

This is why corporate domains should be listed in the name of the company, not an employee who could leave or even die in the future.

That is normally good advice - you can find plenty of UDRPs where an employee left a company and took the domain with them, so the company had to UDRP to get it back.

BUT with Dynadot using a company name could be fatal if this account lock happens, because then Dynadot will robotically demand a photo ID, even if someone does not have one, like this person: https://www.namepros.com/threads/need-advice-dynadot-lock-out.729060/

It could actually be funny to see someone like Markmonitor try to explain to Dynadot that a company does not have a photo ID.

 

[cdboard]

this thread reminded me that I should verify that I can unlock my account.

I did, and locked it again. I suggest everyone check to see if they can unlock.

 

[SamuelLDotson]

They do not warn you that loging attempts are limited and failure results in permanent locking. Login failure can be due to typos, interrupted internet connection, <snip> reversed date formats - in other words, not necessarily your fault, and yet you are treated like a criminal for wanting to access your own account.

Many people get locked out of their accounts (or lock their accounts). Many times for the reasons you've stated above. Some people get locked out many times in the course of their history with us. They simply email us and we remove the lock.

An account would not be secure if we allowed, for example, an unlimited number of sign in attempts or birthday attempts. I do not believe you are suggesting we do that, but it would seem that there does need to be some limit in order to prevent brute force attacks.

BUT with Dynadot using a company name could be fatal if this account lock happens, because then Dynadot will robotically demand a photo ID, even if someone does not have one, like this person:

We actually wouldn't do that.

this thread reminded me that I should verify that I can unlock my account.

I did, and locked it again. I suggest everyone check to see if they can unlock.

Everyone should do that.
Especially if it is a company account. They should also make sure all the particulars for an account are recorded somewhere.

 

[carob]

We actually wouldn't do that.

But you did. I linked to another thread here where established Dynadot customers were told their accounts could only be unlocked if they supplied photo ids, which they did not have.

In many parts of the world there is no requirement to have a photo id of any kind and many people do not have one. So how do you unlock those accounts?

 

[forge]

I was googling around trying to help solve a similar problem when I found this thread. Glad to see the OP got his names back, and glad to see Dynadot tries to care about security, but the problem is far worse than described here as you can get your account permanently locked without warning if you don't realise the dangers at Dynadot.



You can submit the DOB three times. After a third failed attempt - you are not told there are only three allowed - you are asked to put in the secret security word set up when the account was created. If one - yes just one - attempt to input that fails for whatever reason, your account is locked and you are asked to send in a government photo ID, regardless of whether you have one or are allowed to send it, or are willing to take the risk of ID theft. You are told processing the ID can take 48 hours.

The lock, unlike most, does not expire - trying again later is futile, and Support does not help.

They do not warn you that loging attempts are limited and failure results in permanent locking. Login failure can be due to typos, interrupted internet connection, busy server, Dynadot malfunction, reversed date formats - in other words, not necessarily your fault, and yet you are treated like a criminal for wanting to access your own account.


This has happened to others as well:

....

This may need a whole warnings and alert thread - it seems to keep happening.

Same thing has happened to me today. I will lose the two domains they now hold hostage, so be it.

Do not register domains with this company. Avoid Dynadot, do not give them any business.

 

[Name Trader]

@forge - What happened for them to lock you out of your account? I'm interested because they have been my preferred registrar for years. I have many domains there. I think their service is impeccable,

 

[Hypersot]

I'd like @Dynadot to comment on this as in,
is it that easy to get locked out of our account permanently?

I have my main emails and site with them and, if I'm locked out -for whatever the reason- it'd totally destroy me

 

[Name Trader]

@Hyperslot - You do know you should never have your domains and hosting with the same company? That would cause you untold grief if you lost both your domains and your hosting. Most disputes seem to be with the hosting accounts (generally not about dynadot). So if you get in trouble with your hosting and they lock your account you lose both the your domains and hosting. Whereas if they are at separate companies and you get in trouble with your hosting, you can just sign up with a new host and carry on. Believe me. Wise words.

 

[Hypersot]

@Hyperslot - You do know you should never have your domains and hosting with the same company? That would cause you untold grief if you lost both your domains and your hosting. Most disputes seem to be with the hosting accounts (generally not about dynadot). So if you get in trouble with your hosting and they lock your account you lose both the your domains and hosting. Whereas if they are at separate companies and you get in trouble with your hosting, you can just sign up with a new host and carry on. Believe me. Wise words.

You are absolutely right. I just didn't express myself correctly.
I have the domain with dynadot and hosting/emails with hostgator. I meant that emails are based on that domain.

It's just that, even if I lose/can't get access to said domain it will be a huge hit in case something happens and I'll need to access it.

Still, if they don't answer on this thread, I'll contact them and try to clear this up. I really don't want a company that has such restrictions on critical assets.

 

[DU]

Still, if they don't answer on this thread, I'll contact them and try to clear this up. I really don't want a company that has such restrictions on critical assets.

I'll say the same thing I always say.

Domainers -
First to complain when their domains get stolen
First to complain when their domains are protected from being stolen

They've never been an issue for me.

 

[forge]

@forge - What happened for them to lock you out of your account? I'm interested because they have been my preferred registrar for years. I have many domains there. I think their service is impeccable,

I've been told by their support that ALL user accounts are locked down by default. So if by chance you enter an incorrect date of birth upon unlocking, after 2 or 3 attempts you are denied access. In order to 'reset' your stated DOB, you are then required to answer a "secret question". I don't recall even setting a "secret question" answer for my account in the first place. Mind you, I never had any password issues for accessing at least the "first level" of my account.

If one time you answer this question incorrectly, your account will be locked down permanently until you "send" Dynadot a photo of a government-issued ID.

Say what you will, but as far as I'm concerned this is nonsense. It's not even worth my time discussing further, but feel free to argue among yourselves.

 

[DU]

I've been told by their support that ALL user accounts are locked down by default. So if by chance you enter an incorrect date of birth upon unlocking, after 2 or 3 attempts you are denied access. In order to 'reset' your stated DOB, you are then required to answer a "secret question". I don't recall even setting a "secret question" answer for my account in the first place. Mind you, I never had any password issues for accessing at least the "first level" of my account.

If one time you answer this question incorrectly, your account will be locked down permanently until you "send" Dynadot a photo of a government-issued ID.

Say what you will, but as far as I'm concerned this is nonsense. It's not even worth my time discussing further, but feel free to argue among yourselves.

For Those Who Might Want to Argue
The account lock is always the birth date. You could use a real one, a consistent fake one (how many NP members have Jan 1 birthdays!), or write it down.

It's like a password. It's important to have a record or use one you won't forget.

Secret Question
The secret question is YOUR OWN QUESTION and with YOUR OWN ANSWER.

Examples you can use:

Question: "It's a Color rhymes with foo and and a flower that rhymes with lows"
Answer: PurplooLilyoes

Question: "It's a fish but also a mammal"
Answer: "dolphin"

Question: "Two Plus Two is what?"
Answer: "dolphin"

Question: "What is a good word reversed"
Answer: "nihplod"

Question: "I'm not even going to ask a question because you know the answer (not purploolilyoes)?"
Answer: "dolphin"


One time entry seems harsh though. I think 2 goes or 3 would be ok. Or 1 per email soft reset.

 

[Dynadot]

@Hypersot Thanks for tagging us & for being a Dynadot customer! It's not easy to get locked out of your account. Most customers have no problem locking or unlocking their account. The ones that do are typically either people who didn't set up their own account or people who put jibberish in for their secret question and answer.

Also, our system doesn't lock you out of your account. People who don't remember their secret question/answer are still able to access their account and manage their domain names. The account lock we're talking about here is an extra layer of security designed to keep your domains safe, so one thing you can't do if you can't unlock your account (or someone else trying to access your account can't unlock it) is transfer your domains away.

Hope that helps! Feel free to email us [email protected] if you have any more questions.

 

[Hypersot]

@Hypersot Thanks for tagging us & for being a Dynadot customer! It's not easy to get locked out of your account. Most customers have no problem locking or unlocking their account. The ones that do are typically either people who didn't set up their own account or people who put jibberish in for their secret question and answer.

Also, our system doesn't lock you out of your account. People who don't remember their secret question/answer are still able to access their account and manage their domain names. The account lock we're talking about here is an extra layer of security designed to keep your domains safe, so one thing you can't do if you can't unlock your account (or someone else trying to access your account can't unlock it) is transfer your domains away.

Hope that helps! Feel free to email us [email protected] if you have any more questions.

Excellent answer

thank you

 

[Name Trader]

I've been told by their support that ALL user accounts are locked down by default. So if by chance you enter an incorrect date of birth upon unlocking, after 2 or 3 attempts you are denied access. In order to 'reset' your stated DOB, you are then required to answer a "secret question". I don't recall even setting a "secret question" answer for my account in the first place. Mind you, I never had any password issues for accessing at least the "first level" of my account.

If one time you answer this question incorrectly, your account will be locked down permanently until you "send" Dynadot a photo of a government-issued ID.

Say what you will, but as far as I'm concerned this is nonsense. It's not even worth my time discussing further, but feel free to argue among yourselves.

I think the quote from @DU is appropriate,

Domainers -
First to complain when their domains get stolen
First to complain when their domains are protected from being stolen

It looks like youve jumped on your high horse and refused to send them identification because, by your own actions, you have triggered their security systems. At that rate, I don't think you'll be able to transfer your domains out, either.

 

[carob]

Most customers have no problem locking or unlocking their account.

Hi Dynadot thank you for your general reply. Now could you kindly answer the unanswered question that has been put to you here and elsewhere:

In many parts of the world there is no requirement to have a photo id of any kind and many people do not have one. So how do you unlock those accounts?

 

[carob]

One time entry seems harsh though. I think 2 goes or 3 would be ok. Or 1 per email soft reset.

Just to summarise what we already know:

There is no warning that there is just one try, or that failure results in permanent lockout. On lockout user is asked to email in a government photo ID and wait 48 hours, and Dynadot offer no alternative procedure. Users are not told this on account creation.

 

[forge]

Providing your driver's license could put you at risk of identity theft

http://www.consumerreports.org/cro/news/2013/12/drivers-license-identity-theft/index.htm

“It’s a terrible, terrible practice," said Marc Rotenberg, executive director of the Electronic Privacy Information Center. "To begin with, it’s easily a contributor to identity theft, and it’s unnecessary.”

http://www.pcworld.com/article/136120/article.html

Information to Keep Private
Almost Never Provide Your...
Driver's license Though your state's Department of Motor Vehicles site may require you to enter this information, no other site should

 

[carob]

@Hypersott's not easy to get locked out of your account. Most customers have no problem locking or unlocking their account.

Hi @Dynadot you still haven't answered the question put to you here before and asked again before the weekend - can you please answer this now - there are important issues here:

In many parts of the world there is no requirement to have a photo id of any kind and many people do not have one. So how do you unlock those accounts?

 

[carob]

The account lock we're talking about here is an extra layer of security designed to keep your domains safe, so one thing you can't do if you can't unlock your account (or someone else trying to access your account can't unlock it) is transfer your domains away.

That is not true. And Dynadot knows it, and by saying and doing this they put their ICANN accreditation at risk by breaking ICANN domain transfer rules - as well as annoying and inconveniencing account holders and domain registrants.

It is technically accurate to say the account lock prevents you unlocking domains or generating authcodes from within the account, or changing account holder details. But you can still change registrant names and details if you want in the locked account, in fact Dynadot accounts are set up to hold multiple registrant profiles so one account may serve many registrants.

In a nutshell, ICANN sees the registrant as the owner and gives them a clear right to transfer the domain, regardless of whose account it is in - they can just directly tell Dynadot to transfer it to them, and then Dynadot has to unlock the domain and provide the authcode directly to them.
https://www.icann.org/resources/pages/transfer-policy-2015-09-24-en