advice How Two Factor Auth totally saved my A**!

[frostify]

I'm hoping that this post serves to vouch for how two factor authentication on your domain accounts can protect your account and keep your investments secure.
-
The true story:

The night before I got a strange email from a Chinese company asking if I would permit a company in China to operate under the company name "Frostify" which as you may recognize is and has been my username on NamePros (as well as Flippa, Pheenix, and other domaining related sites). As I am the owner of Frostify.com (which is available to anyone on BB had this company wanted to rightfully buy it) and have used it as my username/"brand" for about 5 years, I told them they cannot have it unless they were willing to buy the rights along with the .COM on BB.

Now keep in mind this email (which I read from my @yahoo.com account on Yahoo.com itself through the web browser on chrome with a Mac Mini that I keep up to date and basically malware/virus free) had no file attachments or downloads or anything like that.

No response from Chinese company, I go to sleep.

So I was awaken at 8AM before my commute to work when my phone went off with a text message. I thought maybe it was a friend or family wanting to chat but this message came from GoDaddy and said "Your 2-Step Verification Code is: 123456" (obviously not the actual code). The only time I receive this message is after a successful username/password attempt on my GoDaddy account and then the final step would be to enter this code. LUCKILY the two factor auth is the ONLY thing that stopped a potential hacker from getting into the account (which has Frostify.com assigned to it as well as many other investment domains and even personal names such as *firstname*.xyz and *firstlastname*.com and domains of website projects I have.) I would honestly say it would be much worse for me financially to have my GoDaddy account hacked then it would be to have my bank acc hacked. (it's harder to recover from a domain hack, I also have more in "savings" with domains than I do in USD).

I have no proof that it was the company from the email the night before that had attempted to hack my account but it is possible. I don't mean to wrongfully accuse them as I have no proof. This is speculation on my part.

I immediately contacted GoDaddy and they were able to confirm that 2 factor stopped them and then urged me to change my pass which I immediately did.

I still have no clue as to how they got my password as it was a password I only used on GoDaddy and it was very secure with symbols, upper case, lower case, and numbers. That part still concerns me.

Now I'm not going to lie, two factor auth is very annoying at times, especially when you just need to make a quick change or check on something you need to wait for them to text you a pin and enter it and all that but it's worth it!

Moral of the story, please enable 2 factor auth on your domain accounts to keep it secure, by having it I totally avoided a nightmare situation where I would have stood to loose my NP username .COM, my personal name .COM, multiple LLLL.com's, One Word Dictionary .com's, and more.

TL;DR: A company *may have* tried to hack into my GoDaddy account, 2 factor auth saved me, everything was fine all due to 2 factor, go now and enable 2 factor.

Edits: disclaimers regarding potential source of the attack.

 

[N-A]

Glad to hear about 2FA keeping your domains safe.

But, I must add, this post is full of speculation: Jumping from an offer email straight to accusing them of hacking to outright steal the domain that was requested. You ought to watch out, this is slander as it is not proven in your statement that the Chinese company is in fact is responsible for this.

 

[frostify]

Glad to hear about 2FA keeping your domains safe.

But, I must add, this post is full of speculation: Jumping from an offer email straight to accusing them of hacking to outright steal the domain that was requested. You ought to watch out, this is slander as it is not proven in your statement that the Chinese company is in fact is responsible for this.

I actually agree with you and didn't realize it until I re-read my post, I've made some slight changes.
To anyone else reading this, it is speculation on my part and I have no solid evidence that it was the company that emailed me the night before that did indeed attempt to hack my account, it just seemed likely in a personal sense given the circumstances.

 

[LucidDomains]

Can't be slander if he didn't mention the company name. It's just speculation.

2FA is awesome, make sure to enable it on your email accounts too.

 

[frostify]

Can't be slander if he didn't mention the company name. It's just speculation.

2FA is awesome, make sure to enable it on your email accounts too.

I think the mod was simply referring to the country of origin, China in this case.
I don't mean for this post to slander any country or nation, it could have very well came from any part of the world.

Also, great tip, keep your email accounts safe with 2FA if possible as it is normally where reset links will be sent if someone clicks "I forgot my password".

 

[N-A]

Can't be slander if he didn't mention the company name. It's just speculation.

I think the mod was simply referring to the country of origin, China in this case.

Some are smart enough to put 2 and 2 together. The OP said a company from China operating for approximately 5 years under the name requested was the culprit. I'm sure there are public records to determine precisely who this could be and anyone could find it with some digging, but, I think the edit suffices in this situation for it to no longer be slanderous as it originally appeared.

And I didn't post that as a mod of NamePros as there was no rule violation per say, rather, a person concerned about the potential well-being of another's company.

 

[ikhub]

Yes, thats a very good service which GD provides free and everyone should enable it.
Hope other registrars should follow it too.

 

[Hypersot]

While I'm happy that you saved yourself from the worst, I'd be more interested to know how they got both your username *and* password in a single session.

Do you have any protection other than a basic anti-virus on your system?
How about any script protection on the browser? (I don't use chrome so I don't know if there is any such addon for chrome)
In my experience, chrome has been the least secure browser to use but that's just me

 

[Blueforever]

The same happened to me a few months ago, I got the text asking for the code, even though I never attempted to login. To this day I still have no idea how my password and username was found out as it was unique and not used elsewhere. I immediately changed my username and pw after that.
2 step auth is a godsend.

 

[golan]

Wow. I'm glad for you that you went safe from this.

 

[CamMK27]

Good to know. I have also been using it for a while. A few other registrars offer it as well such as NameCheap and I think Dynadot..

Today I received an email from one of the registrars for a one word .net transfer and I was surprised to see that, because I have not sold the domain neither have I initiated the transfer. I emailed the registrar where the transfer was initiated to sort this out. Hopefully all will be sorted out soon.

I believe 2FA is a must DO step even when it is annoying sometimes.

 

[ED1190]

I use GoDaddy, and reading this just makes me want to go implement two step auth right now.

 

[frostify]

I use GoDaddy, and reading this just makes me want to go implement two step auth right now.

Please do, it's better to have it and not need it than to need it and not have it

 

[Name Trader]

2FA is great only as long as you receive the SMS messages. Sometimes I have never received these SMS messages. Sometimes they have been hours late. I would say that 8 times out of 10, I have to ask them to send it again. Maybe up to 5 times before they all come at once. I only ever get this bad service at GoDaddy. nowhere else. Not conducive to quick checks and edits.

 

[frostify]

2FA is great only as long as you receive the SMS messages. Sometimes I have never received these SMS messages. Sometimes they have been hours late. I would say that 8 times out of 10, I have to ask them to send it again. Maybe up to 5 times before they all come at once. I only ever get this bad service at GoDaddy. nowhere else. Not conducive to quick checks and edits.

My suggestion would be to just keep your most valuable names (Maybe $500+) or whatever you see fit onto a separate more protected acc with 2FA and then you're cheaper names or names that don't need to be as assured onto a separate acc with 2FA disabled if it's really a struggle getting the texts, I would advise contacting the registrar first to see if they can solve the texts not going though as it could be something on their end.

 

[Jv1999]

I still have no clue as to how they got my password as it was a password I only used on GoDaddy and it was very secure with symbols, upper case, lower case, and numbers. That part still concerns me.

I know how they did it. They just used your "frostify" username (chancing it was the same as your GoDaddy username), then used a dictionary attack.

Any password can be cracked, it just takes time. I've seen these hackers work... it's unbelievable. They have special software (like ddos) where they probably try out combos at intervals so it won't be detected by the server.

 

[DnEbook]

Is Godaddy offering two factor for all countries? Last time I looked into it, on the U.s.a was on offer

 

[deez007]

Jeepers man!.... glad to hear u managed to come out on top.

2FA is def a must have. It is still very concerning how they managed to get ur password, especially considering that you say u use that password exclusively for GD.

Did you ask GD if they could maybe shed some light on how they might have managed to access you account password?

 

[deez007]

Is Godaddy offering two factor for all countries? Last time I looked into it, on the U.s.a was on offer

As far as I know it should be all countries... I'm based in South Africa and I have it activated... so I'm sure most other locations won't be a problem

 

[Jv1999]

As far as I know it should be all countries... I'm based in South Africa and I have it activated... so I'm sure most other locations won't be a problem

How does it work exactly?

Do you have to get the text EVERYTIME you log in...? because then..

 

[deez007]

How does it work exactly?

Do you have to get the text EVERYTIME you log in...? because then..

Yeah basically EVERYTIME you log into you account u get a text message on ur mobile phone with the code... normally happens in a few seconds... there was only one time where it was like delayed by an hour. It is a bit of annoying at times but still a must have, the minor inconvenience is nothing compared to the consequences of an account hack

 

[AuctionBio]

This is really a nice share and I appreciate that you shared it. I will also strongly recommend to use double authentication, you are right that it annoys a lot some time but it worth having it.
Once I was not getting any authentication sms for more then 24 hours, that time i thought to should remove double Auth from my GD account, but I just did not remove it.
I wish to have save savings for every one.

 

[ED1190]

Now, couldn't you still get hacked even with two factor auth? LOL.

Like someone said, some hackers are unbelievable.

 

[AuctionBio]

Is Godaddy offering two factor for all countries? Last time I looked into it, on the U.s.a was on offer

I think yes, they do.

 

[Jv1999]

Now, couldn't you still get hacked even with two factor auth? LOL.

Like someone said, some hackers are unbelievable.

Theoretically, yes. But we're talking about Anonymous-level hackers or some shiz like that LOL.

They'd basically have to seriously target you hard. Not only would they be hacking your username/pass, but they'd have already installed software onto your phone to snoop the text with the code.

It's actually pretty easy now that I just read what I wrote :P. If you use your phone to surf the web... and malware happens... then they'd have access to your phone.