When contacting GoDaddy customer service, whether over chat or phone, they often ask for both a PIN and a two-step verification code (which they confusingly refer to as “google auth codes”).
The PIN can be found when you log in to your GoDaddy.com account, but the two-step verification code is something you’d need to get from whichever app, service, or hardware device you use to generate two-step verification codes (compatible options listed here).
Typically two-step verification codes are time-based one-time-use codes I’ve only used when logging in to my own accounts through my own web browser or mobile app on my own devices. I’ve never had any other customer service representatives from other companies ask for these codes. Usually they just ask for PINs (if the service is set up to use those).
Why would GoDaddy customer service require two-step verification codes? Are they actually using it to log in to your account on their end? If so, how could they do that without having your password? Also, is it poor security practice to require customers to share two-step verification codes with someone else in this manner?
I found this related question from someone concerned with customer service reps asking for PIN codes here, and people agreed that even that is poor security practice.