What is a one-time password?
A one-time password (OTP) is an extra layer of security we use to verify your identity when making changes to domains with domain protection added. Accounts with 2-step verification (2SV) set up won't need to use an OTP for identity verification.
How does OTP work?
Certain domain actions can't be completed until your identity is verified. When completing these actions, we'll send a verification code via SMS or an authenticator app if you've had 2-step verification (2SV) enabled for at least 24 hours. If you don't have 2-step verification set up on your account, you'll need a one-time password sent to your registrant email address by selecting the Send Password button during verification.
When will I get an OTP?
You'll need to request an OTP when you don't have 2-step verification set up and are making certain, protected changes to your domain, such as editing DNS records, unlocking before transferring, or changing your domain protection plan. Remember, if you have 2-step verification set up, you won't need to request a one-time password.
Where will I the OTP be sent?
We'll send the OTP to the Registrant email address listed on your domain name. You can view your domain contact information, including the registrant email address associated with the domain, in your GoDaddy account.
Are there any OTP limitations?
Yes, there are a few limitations you'll need to be aware of to keep your domain protected.
- Your OTP code is only valid for 60 minutes after it's been requested.
- You're limited to requesting 5 one-time passwords in a 7 day period per action per domain.
- If you enter an incorrect password 3 times, you'll be locked out of that action on that domain for 24 hours.
- Update the contact information on your domain to make sure everything is accurate.