I was trying to transfer 53 domains from Dynadot to @robmonster's Epik last night.
As I have 2FA, it asked for my birthday, ok. Then it asked for my favorite drink (I believe, or that was later in the 'I lost my phone' stage), followed by a Google Authentication code, which I entered, and then an SMS code, which I typed in.
I submitted it too late as the G Authentication code had expired by seconds once the SMS code was put in and the form was submitted.
As I have my phone and learned my lesson that the SMS code should be inputted first because the G Auth code has a 30-second timer on it, I requested another SMS code. This in turn locked my account at Dynadot.
I asked chat support what I should do. Their answer was to report that I lost my phone—BUT I DIDN'T LOSE MY PHONE; I WAS JUST UNABLE TO RECEIVE A 2ND SMS TO TRY AGAIN!
As they said this happens all too often, the system is backward. They should have the SMS code in the first box and the G Auth code in the second box. That way, one would reasonably think to receive the SMS code and then enter the G Auth code to proceed to unlock domain(s). I'm sure it'd alleviate their two-day manual review process, as I was quoted, to restore accounts.
They need to give chat support the ability to send an SMS to verify the phone is still in my possession (as I logged in with 2FA in the first place) and change the design of the form flow, as I'm locked out for the weekend and possibly further into the week. Luckily only 1 domain is expiring, but I can still transfer that out in 30 days.
I applaud them on hardening an account, but this is over the top. I can easily log in with (A) 2FA and (B) get an SMS code at any time, relieving the need to put in a support ticket that I lost my phone when, if I met (A) and (B), I am obviously in possession of my phone and my account can be unlocked with (A) to see my dashboard. Hell, add a 3rd counter-measure of a random secret answer or two out of 5 generic ones such as high school, maiden name, etc. (as I forgot what I put in as my favorite drink because it changes so often). But remove the necessity of submitting an 'I lost my phone' request when this isn't the case.