OneTouch 2FA Two-Factor Authentication

Announcing OneTouch 2FA Powered by Authy

Namecheap is proud to announce the next step in account protection and privacy.

OneTouch 2FA is our newest Two-Factor Authentication (2FA) option, adding additional security to all Namecheap accounts. And it’s available right now for all Namecheap customers!

What is OneTouch 2FA?

Two-Factor Authentication adds an extra layer of security to your Namecheap account. When activated, whoever logs into an account will need to have physical access to the account holder’s phone, tablet, or other approved device with the Namecheap app installed.

If someone steals or guesses the password, without the phone, that person won’t be able to log in to the account.

2FA request screen

In the past, we have offered 2FA as a text message we sent to your phone. With OneTouch, all authorization requests can be quickly viewed in the Namecheap app, with a fast ‘one touch’ approve/deny option.

How Do I Get OneTouch 2FA?

To enable OneTouch, you will need to log into your Namecheap account. From there, navigate to ProfileSecurity → Two-Factor Authentication. Enable 2FA using the toggle, and our system will walk you through the process from there.

Instructions for upgrading 2FA

If you already had 2FA enabled, you’ll just need to click on the “Upgrade to OneTouch” button. If this is your first time enabling 2FA, you will first need to set up text message 2FA. At that point, you will be able to upgrade.

You will need to install the Namecheap mobile app, which is available from the Android or iOS app stores (depending on the type of device you have). If you already use our app, be sure you’ve updated it to the current version. That ensures you’ll see the OneTouch 2FA option.

If you need any assistance setting up OneTouch 2FA, feel free to reach out to our Customer Support team, who will be happy to help you out.

17 thoughts on “Announcing OneTouch 2FA Powered by Authy”

  1. This was a confusing roll out and the directions on your site do not clear it up. I now have the Namecheap app setup, but somehow in the process I also have an entry in Authy. Am I able to delete the Authy entry or does the namecheap app depend upon that being there? Is there an Authy only setup that is possible that doesn’t involve using your app?

    What is the procedure to get into the account if I don’t have access to your app? Does the app setup stay intact when migrating to a new phone via iTunes or iCloud? Is it possible to get a recovery code? Is the phone number removed as an option for 2 factor once this is setup? It should be as getting away from ability to fall back to SMS by an attacker is the point of using Authy.

  2. > This was a confusing roll out and the directions on your site do not clear it up.

    I appreciate the effort to bring better security to our NameCheap accounts but I would agree with the sentiments of Eric, this was a confusing process to me and I’m a pretty advanced user. The confusion will only make it less likely that non-technical users will adopt this new 2FA method.

    > Is there an Authy only setup that is possible that doesn’t involve using your app?

    I also agree with this. I don’t like the fact that I am required to install the NameCheap app. The app itself provides little else, I’d rather you used typical TOTP so I could use the app of my choice (Authy, Google Authenticator, LastPass Authenticator, etc.). TOTP would also allow you to provide a QR code like every other two-factor implementation and the setup would be brain-dead simple.

    Please give us basic TOTP as an option.

    1. There are many different options for implementing 2FA. While I understand the appeal of Google Authenticator or other options, there really is no perfect solution out there.

      1. But since it is already using Authy (which is identical to Google Authenticator in generating the TOTP) ot is just an extra unecessary app.

      2. I completely disagree. TOTP is a perfect solution used by so many companies. Making yet another app that people have to install is not a solution, and just frustrates people. We already have 2FA apps that have all our other websites, so why is Namecheap going against the grain? And how ironic is it that your app is “Authy powered” but you don’t support Authy…

  3. +1 to everything Chris has said. TOTP is the simplest solution to this situation. Having to install an app that requires the phone to have network access to approve/deny login requests is overcomplicating the point of the MFA: two-factor security.

    It’s also worth mentioning that you’re dead in the water if your device a) doesn’t support the app (whereas TOTP is agnostic) or b) don’t have Internet connectivity on the phone (eg just because your computer has Internet doesn’t mean your device does too).

    Surely, a basic TOTP solution is both simpler to set up for users because we’re all used to it, but also simpler/cheaper to maintain from Namecheap’s systems point of view…

  4. It appears that this *is* using TOTP, it’s just using a branded version of the Authy app (as can be seen from the first post, where the Namecheap OTP setup appears in both the branded app and the normal Authy app).

  5. I agree with Eric and Chris. Jackie, I didn’t see you answer the question. Is there a standard Authy option? I am not going to install some proprietary application on my phone in order to control security — I want an open and standard 3rd-party solution. I was excited when I saw email about Authy, but now that I understand I misread the announcement, not-so-much.

    1. Thanks for your feedback.

      Our team decided to implement the system as described here. We appreciate your desire for another method but that’s not the way they decided to use Authy at this time. As they continue to iterate on our 2FA system, other methods may be implemented in the future.

  6. If will be nice to have NameCheap offers enter Authy code. I personally do not like install additional Apps (NameCheap) for 2FA options.

    Hopefully sooner or later 3rd options, entering code generated by Authy will be available. ;)

  7. Whilst I appreciate the efforts in this, I’m afraid I have to agree with all the other comments. I already use Authy for a number of services and don’t want to install the Namecheap app (it’s worth noting that none of the other services require their app to be installed). Why bother using Authy if you expect people to install the Namecheap app too?

    Please, please, please implement a _proper_ 2FA method by simply using Authy/Google Auth :)

    I’ll be sticking with the SMS option for now.

  8. Disappointing that we are required to use a first party application that is powered by the already extremely well established Authy 2FA. I don’t like having redundant software on my devices. I will be, unfortunately, sticking with SMS 2FA with Namecheap for now.

  9. SMS 2FA is not secure, and installing branded OTOP app is a non starter when I already have my preferred OTOP loaded with many other entries.

Leave a Reply