A few weeks ago I bought a couple of expiring domains from tdnam.com at near reg fee, and a series of e-mails were sent and the domains transferred to my account, as expected.
But oddly, today I received an e-mail telling me that the transaction for a domain that I never bid on or referenced in any way had completed, and it referenced my GoDaddy customer # in the e-mail.
Unlike the domains I actually paid for, there was no e-mail indicating that I'd ever bid on it or had any prior involvement (the transaction complete e-mail is usually one that follows 2-3 other e-mails).
Nor was there any indication I'd paid anything in my order history.
I called GoDaddy and they said I wasn't charged for anything. The domain is not in my account, and they were perplexed that it happened and escalated it and said they'd send a follow-up e-mail.
So, even though I wasn't charged, it does make me a bit nervous that there is the possibility of some sort of cross-account stuff going on or hacking or bug in the software. Obviously I wasn't harmed that I'm aware of by this, but at the same time, it is definitely one of those notable moments.
....
Regarding security, I've asked GoDaddy if they'll consider creating a one-time password key fob like PayPal and Name.com offer, where one has no password to remember at all, so no risk of a password breach, but rather one logs in with a challenge/response mechanism.
And regarding security: Oddly, GoDaddy does not let one create a password with non-alphanumeric characters in it, which is counter-intuitive from a security perspective. Modern standard secure password practices now *require* special characters in the password (at least one), as well as at least one capital letter and one digit.
But whether or not a special character should be *required* by GoDaddy to enhance password security, it certainly should be *allowed*. When I see those kinds of byzantine restrictions, I have to wonder who in their IT department is setting their security policy and why. Is it just some kid making arbitrary decisions who is out of touch with state-of-the-art security?
Sorry - but I expect some conformity to state-of-the-art security standards with these registrars, *especially* when I see things happen like I did today with activities associated with my account that I didn't engage in.