What is OTP?

A one time password (OTP) is an extra layer of security we use to verify your identity when you complete certain actions on a domain name that has an upgraded protection plan with Ownership Protection.

How does OTP work?

If your domain has Ownership Protection, certain domain actions can't be completed until your identity is verified. If you enabled two-step verification (2SV) more than 72 hours ago, we'll send a verification code via SMS or using your preferred authentication application. If you don't have 2SV enabled, or it was enabled within the last 72 hours, we'll send a one time password to your email address instead.

When will I get an OTP?

We'll send an OTP if you're trying to complete any of these actions on a domain with Ownership Protection and haven't had 2SV enabled for more than 72 hours:

• Downgrade protection plan
• Delete domain
• Turn off auto-renew
• Toggle WHOIS visibility
• Change nameservers
• Download an exportable list of domains

OTP limitations

To make sure your domain remains protected, there are a few limitations you'll need to be aware of.

• Your OTP code is only valid for 60 minutes after it's been requested.
• You are limited to requesting 5 one time passwords in a 7 day period.
• If you enter an incorrect password 3 times, you'll be locked out and unable to request another OTP for 24 hours.

Where will I get an OTP?

We'll send the OTP to the Registrant email address listed on your domain name. This is an additional layer of security to protect your domain name from malicious takeover attempts.

Where can I view or update my Registrant email address?

You can view all contact information, including the Registrant email address associated with the domain, in your Domain Manager.

More info

• Use two-step verification to protect your entire GoDaddy account.