Namecheap announces support for TOTP-based 2FA

It's about time. This has been a wish list item for years. They had a proprietary 2FA option but that was a non-starter for me.

TOTP is far too easily phishable. User studies have shown that in any large organisation, some small percentage of even the most technical staff will enter an OTP into a phishing page. You might think &#x27;I&#x27;m not that dumb&#x27;, but study after study shows you are!<p>The future is hardware U2F tokens. They can securely check the web-origin of a request and only give the token to the correct origin.

I hated having to use a proprietary app for this (even if it was based on the Authy SDK), so this is a nice improvement.<p>I&#x27;d really like to see U2F support though as well, domains are very valuable assets and deserve the strongest protection possible.

Their old one was so bad I actually learned how to use route 53 just to migrate out of it.<p>Their CEO is just pretending to be forthright here. I have a tweet where he replied to me from February 2014 that said Google Auth support is coming in a couple of months.<p>This all happened because I got locked out of my namecheap account when THEIR system wouldn&#x27;t sms me the code and they had problems with the voice calling.<p>So I emailed support. They called me 5 hours later to ask me a bunch of questions. Here&#x27;s the funny part: they called me on the number I had used for 2FA. Isn&#x27;t the fact that I answered that number proof enough that I had it?<p>Everything they do is half assed including their Frankenstein panel that&#x27;s a mix of their old interface and their new one.<p>Anyway. Good riddance. Only use namecheap if you can&#x27;t afford the $1 it costs to host your dns on route53.