CS · EN

Admin Panel - Customer Account Security

In this article you will learn:


Confirmation via link in email

If you have enabled email notifications about sign-ins to the customer administration, you can make successful completion of sign-in conditional on clicking the link in this email.

This feature is available only to customers who have a phone number listed and verified on the account.

Set up the security settings with this confirmation by following these steps:

  1. Log in to the customer administration ⧉.
  2. In the top menu, select My account Customer.
  3. In the left menu, click Account Security.
  4. In the Account Settings box, set the frequency of sending emails with sign-in information and requesting confirmation via link.
  5. Confirm the changes with the Save changes button.
Setting up sending emails with sign-in information and a confirmation link
Setting up sending emails with sign-in information and a confirmation link

You can have an email with a sign-in notification for the customer administration and possibly a link sent:

  • Always (on)
    • With every sign-in
    • The first time within an open browser session
  • When signing in from an unknown location (important only)
    • If the browser or IP address has changed since the last sign-in
    • If the browser or IP address has changed compared to the entire sign-in history
  • Never (off)

If you turn off sending the sign-in notification, you cannot activate sending the confirmation link either.

Confirmation with one-time password (OTP)

OTP is an abbreviation for One Time Password. It is a one-time password of six digits that is valid for 30 seconds. After this time expires, a new password is generated based on the so-called shared key. You create this key when activating OTP authentication, and it is stored both on our server and in the device you use as a keychain. If the keychain and the server are synchronized with each other, the passwords based on the key match, and you can sign in with them.

Due to the length of the password and the limited time of its validity, it is very unlikely that a potential attacker would guess it. Combined with the regular password for the customer account, it therefore provides fairly effective protection.

Requirements for OTP authentication

First, make sure that you have an up-to-date mobile phone number and email address set on the customer account. In case you lose the keychain, we will use these details to verify your identity and restore access.

To generate the one-time password itself, you use a so-called keychain – a device on which you read the corresponding one-time code at a given time. Most commonly, you will use a mobile phone, for example through these apps:

If your phone does not support mobile apps, you can use a browser extension:

Activating OTP in the administration

If you have:

  • an up-to-date mobile phone number and email address set in the customer administration,
  • a keychain prepared in a mobile phone or browser,

you can proceed with OTP activation. Follow these steps:

  1. Log in to the customer administration ⧉.
  2. In the top menu, select My account Customer.
  3. In the left menu, select Account Security.
  4. In the Two-factor authentication (OTP) box, click the Set up OTP button.
  5. Copy the code of the shared key into the selected keychain, or scan the QR code.
  6. Enter the customer account password and the valid OTP password (6-digit number) from the keychain into the fields.
  7. Click the Activate button.
Activation of two-factor OTP verification
Activation of two-factor OTP verification

At the next sign-in, the system will prompt you to enter the OTP password.

You can run the application with the given shared key on multiple devices. If one device fails or is lost, you can therefore use a backup solution.

If you enter the password incorrectly, or another error occurs during activation, delete the existing account from the keychain and start the entire process again. The system will generate a new shared key and invalidate the old one.

Deactivating OTP

If you have access to the customer administration, proceed as with activation, but in Account Security click the Two-factor authentication (OTP) box and then the Deactivate button.

Deactivating OTP
Deactivating OTP

Loss of OTP keychain

If you do not have access to the customer administration because you lost the OTP keychain, follow these steps:

  1. Enter the login name and password into the customer administration ⧉.
  2. In the next step, click the I lost my OTP keychain link.
  3. Check your email inbox. Within 5 minutes of sending, click the OTP keychain cancellation link in the email WEDOS Internet – OTP keychain deactivation from wedos@wedos.com.
  4. On the link from the email, click the send SMS button.
  5. Enter the Verification SMS code into the field.
  6. Check I am not a robot and click the submit button.
Confirmation of OTP deactivation via email link
Confirmation of OTP deactivation via email link

OTP is now deactivated.


Logging out active users

If you suspect that someone has signed in to your customer administration without authorization, you can log out active users of the customer administration:

  • By a link in the email with information about signing in to the customer account (more on its setup in the chapter Confirmation of sign-in via a link in the notification email). The email will come from no-reply@wedos.com and the link has the form https://login.wedos.com/logout-all/(specific_command_code).
  • By a button in the customer administration.

To access the button for logging out all active users of the customer administration, follow these steps:

  1. Log in to the customer administration ⧉.
  2. In the top menu, select My account Customer.
  3. In the left menu, click Account Security.
  4. In the Log out of all sessions box, click the Log out all button.
Logging a user out of all active sessions
Logging a user out of all active sessions

Checking sign-in history

If you want to check when and from where someone signed in to your customer account, follow these steps:

  1. Log in to the customer administration ⧉.
  2. In the top menu, select My account Customer.
  3. In the left menu, click Sign-in history.

The table gives you a quick overview of the status and origin of sign-ins to the customer administration. You can get more details by clicking the magnifying glass icon on the left side of the row.

Displaying sign-in history
Displaying sign-in history

Common problems

Common problems with account security include:

Missing confirmation in email

Problem: In the Account Settings menu, the option "require sign-in confirmation using the link in the email with sign-in information" is missing.

Cause: The account does not have, or until recently did not have, a verified phone number.

Solution: Set and verify a phone number for the account. Then turn off and on again sending emails with sign-in information to the customer account.

OTP activation failed

Problem: Due to an error in the system/keychain, activation did not complete correctly.

Solution: Delete the given shared key from the application and activate OTP again from the beginning.

Unavailable contact for OTP deactivation

Problem: We want to deactivate OTP, but we do not have access to the given email or phone.

Solution: Contact us via the form. Provide the login email for the account and a request to deactivate OTP. The WEDOS authorization department will usually resolve the next steps with you within 1 business day.


Frequently asked questions

Can someone manipulate services in my account without logging in to my customer administration?

Services in your customer account can be manipulated by authorized users for those services, domain owners (according to the registry) can transfer them from another customer's account into their own using the authorization password

How can I protect my websites and other services from misuse?

Primarily by adding additional account security (see the chapter Securing sign-in to the WEDOS customer account) and by consistent backups, including local or even offline storage. For domains, consider insurance.

Which OTP keychain should I use if I do not have a smartphone?

There are also browser keychains.

Can I have more OTP keychains? How do I set them up?

Yes, set up all keychains at once with the same shared key. You can then add another device in the customer administration ⧉.