How Using an Organization Name Made a GoDaddy Account Inaccessible
“I shouldn’t put my name here, I won’t be president of my condo association forever.”
So my client, the current President of (name changed, because reasons) Forest Green Condo Association put in the account holder name as “Forest Green President”. At the urging of GoDaddy, for better security, he then set up 2FA using Microsoft Authenticator.
Today, this is cause for regret.
You see, he seems to have forgotten his password. And a password reset requires 2FA, but since he changed phones to a new device, he doesn’t have that device any more. So he needs access.
GoDaddy has instructions: send in your photo ID and we will someday unlock it for you after a lengthy manual process. So he dutifully took a photo of his ID and sent it in.
Unfortunately, his driver’s license does not have the name “Forest Green President” on it. And whoever received the email was not going to say, “hey, this name is clearly a role, not a person’s actual name, let’s sort this out.” Rather, off goes a form letter email: “These names don’t match.”
All avenues are not exhausted. A more comprehensive email will go out with documentation that this is an organization and my client is the president, and so on. Hopefully, someone will take note that it his personal name on the credit card to which the services get billed, because that seems relevant, right?
I’ve seen clients many, many times use “names” that are actually roles or a variation on the organizational name. However, even more so today with the heightened security awareness coming out of high-profile, successful ransomware attacks, this can be dangerous.
An obstinate provider could deny access to an account, possibly forever, but at least until you go through a lot of extra hoop-jumping.
My recommendation: put a real person’s name on the account, make sure that person is trusted, and make sure that if that person leaves, there is a mechanism already in place for it to be changed.
Bonus thought: if the one reviewing the email is going to be so thoughtless with stamping “Approve” or “Deny”, and they already say that you can obscure some of the personal information on the image you send (like eye color, height, weight, etc.), I suppose you could also just alter the image so the name of the person really appears to be “Forest Green President”. Maybe we should try that….
