Don't use NameCheap for the .fr TLD
reddit.comThe worst domain name story that happened to me was with my .name domain name, the one I still use for my personal web page.
When I got it, it was only allowed to register subdomains in the form of firstname.lastname.name and I even had to provide my ID card to be able to register the domain name. The deal then was that I could use DNS zone of the subdomain, and in addition got an email redirection from firstname@lastname.name to whatever email address I would choose.
A few years after that, VeriSign suddenly stopped supporting the email redirection feature, with not even a single warning sent to customers like me. From one day to another, I lost the main email address I used to communicate and for all of my online accounts. It was a mess to deal with this.
To this day, I was never able to get hold of my lastname.name, to be able to restore my email address. Even though I'm the only one in the world using a subdomain of it. The only solution that has ever been suggested to me by VeriSign customer support would be to let it expire, and hope that no squatting bots get it before me so once the grace period expires, I can try to register the first-level domain. But that would mean several weeks where my website would be down, and all that with the uncertainty of actually being able to actually get it back.
So you got sold a subdomain? That's a new one for me.
That was the original idea behind .name. You buy firstname.lastname.name. When it wasn’t a huge success they got bored and it reverted to a regular tld.
Interesting, but also a bit worrisome idea. I wouldn't be comfortable knowing that someone else can buy the adjacent subdomain anotherfirstname.mylastname.name and be associated with me in the eyes of anyone who doesn't know how that TLD works (which would be almost everyone).
That's a bizarre concept. Names are generally not unique.
Yeah, my dad got one of those back in the day. He still uses the email address.
Is it any different from getting a .co.uk domain, really?
At the time the idea of .name was that for example someone with a common family name shouldn't be able to get it only for them and deprive all the other people named like them from having their .name domain and email address. Of course it didn't work for people also having the same first name, and in that case it was still a first come first serve basis.
Anyhow, first level domain were to be "shared", non directly registrable, domains.
Since they decided to open it up for first level registration, there has been no way to get a once-shared first level domain, even when you're its only user.
.uk.com and various others are/were subdomain sellers.
Aren't they all technically subdomains? I want .
Omg.lol does that, but it is an address with superpowers, although I think you can buy .lol domains too.
It's not exactly the same as omg.lol is owned by someone who sells subdomains of it. The principle for .name was that the second-level domain was not in control of anyone (well, except VeriSign of course, but just like TLDs), it was a shared domain.
If you attempt a whois on omg.lol you get a normal whois. If you do a whois on a shared .name domain you get this:
Not available for second level registration. Third level registrations may be available on this shared name. To request access to data listed as “Redacted” or “Redacted for Privacy” in the above WHOIS result, please contact Customer Service at info@verisign-grs.com> Omg.lol does that, but it is an address with superpowers, although I think you can buy .lol domains too.
I've peeked at omg.lol and it looks like they aren't in the business of registering subdomains per se. They try to sell you a bunch of services that resemble a paid social network, and they provide you with a subdomain along with the deal. For that subdomain they charge you with about double what you would pay for an actual domain name.
I am the proud owner of a .lol domain :)
As a rule of thumb, I never register a ccTLD. You don't know the Geo-politics and baggage that TLD is under. Some countries are incredibly unstable, and that could be reflected in the ccTLD. The only exception is if you are a resident of that country and have a valid passport to reflect you live in that country, and that the domain can be claimed & validated because you live there.
Sometimes ccTLDs bind you to a country you don't live in, and it also signals that you may like/honor that country's practices and history (which you probably don't).
What I do is, choose generic TLDs like .blog and .dev. In the past .tk was considered low-rep because it was free, and it raised red flags, so at least pay for a domain. They're the same price as a T-Shirt!
That can hardly apply to .FR — no-one uses that for domain hacks, it's from a very stable country, and has very wide use within that country.
I'd rather suggest that using the very cheapest service providers means you're risking problems when you need customer support — in this case because notifications were missed due to a broken phone or whatever.
This comments feels very out of touch with reality. Nobody is going to associate your usage of an .ai domain with you honoring or liking Anguilla practices and history. It's a domain, you buy it because it sounds good for your marketing purposes. Unless you get some very obscure ones that might be associated with spammers and blacklisted (like .tk), you are going to be fine and nobody is going to associate you with that country.
Besides, it's highly unlikely you are ever going to have a problem with geopolitics and instability. For most countries it's just free money flowing in, especially with the trending ones (.ai, .io, .tv, .fm).
Note .IO is the British Indian Oceans Territory, which is a disputed territory claimed by Mauritius.
https://en.wikipedia.org/wiki/Chagos_Archipelago_sovereignty...
> The only exception is if you are a resident of that country and have a valid passport to reflect you live in that country, and that the domain can be claimed & validated because you live there.
Isn't that the whole purpose of ccTLDs? In fact, are you sure that your use case for ccTLDs for countries you have no connection with is actually allowed or legitimate?
Every single time I registered a ccTLD the registrar required me to provide documentation that attested I had in fact a relationship with said country, either a valid passport or business details. Frankly, I thought any other scenario was automatically deemed invalid.
Some countries require you to either be a citizen or have a business there, yes. But it’s definitely not the case for all ccTLDs.
some ccTLDs in the EU require you to be a citizen in any EU country. (So .fr or .eu for example)
Examples of the latter are for example .to or .ag, that do not have such requirement.
> some ccTLDs in the EU require you to be a citizen in any EU country. (So .fr or .eu for example)
I don't know about .fr but the .eu ccTLD is literally the European Union's TLD. The same exact requirements are applied: you need to either be a citizen or have a business there. If you attempt to register a domain with the .eu TLD you must provide an European ID card.
It's the same thing.
Yes, that is what I meant. That you need to be a citizen of the EU.
Sorry if I wrote it in a way that was easily misunderstood.
The point was that its not the case for all ccTLDs.
> The point was that its not the case for all ccTLDs.
I don't understand. For .eu it is indeed the very same thing, isn't it? You still need to be either a citizen or have business there to apply for a domain.
For .eu yes.
But I also mentioned .to and .ag for example where this is not the case.
Both are ccTLDs that have no such requirements. There are others as well.
There are actually benefits to registering for a ccTLD in your country of nationality, as you're touching on, but others reading are missing or not aware. .ca also has these features.
I can confirm you need some kind of legal address (person or company) in France to register a .fr domain.
Any address in the EU (or Switzerland, Norway, Iceland or Lichtenstein) works as well.
No, you don't. I am French and have an .fr domain and was never asked for proof of anything.
You are told that you have to something something France but it is just an information.
> No, you don't. I am French and have an .fr domain and was never asked for proof of anything.
Namecheap disagrees. From Namecheap's support page:
> Any company or individual residing within the European Union as well as in Switzerland, Norway, Iceland and Liechtenstein can register a .FR domain.
https://www.namecheap.com/support/knowledgebase/article.aspx...
Not sure what you mean. I wrote that there was never any proof required. Even the page you linked states that what is needed is only
> Date of birth (in the YYYY/MM/DD format)
> Country of birth
> NOTE: If “France” is selected in the Country of birth field, the registrants should also provide the city of birth and zip/postal code:
I was born on 1970-01-01 in 75001 Paris, France. There you are, an .fr registered.
Namecheap has gone downhill imho meaning it is no longer the best discount registrar. Meanwhile some more registrars have popped up in the past five years that have better service and are cheaper. Porkbun is one. I also had great experience with namesilo. The only reason I could see people going with nanecheap is they already have an account there or they listen to other people who haven’t evaluated the registrar situation lately.
I moved most of my domains from Namecheap to Cloudflare. I've never had a problem with domain names. But their renewal system is a little aggressive. They send a renewal email 60 days before. At 30 days it automatically renews. So I have a few domains that I forgot to transfer and have to wait another year.
Why do you have to wait a year? Are the domains under one of the few TLDs that where any time on the domain over one year gets lost on transfer?
I actually had no idea such TLDs existed, but apparently they do [1].
[1] https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/do...
Do any of them keep their word regarding renewal costs? The prices for the initial year always seem good and the next year is shown as something that's usually higher but still reasonable, but what stops them from continuing the trend and just jacking it up once you're invested and force you to either pay anything they want or lose the domain? All of the budget registrars seem shady enough to run that sort of racket, it's predatory pricing 101 after all.
Normal TLDs like .COM, .ORG, .CO.UK, .FR and so on have stable prices.
Massive price inflation seems to happen with new or trendy TLDs, where an initial $5/year can become $50/year or more.
It seems like once someone owns a domain there should be a limit on how much the price can go up per year. Where I live, property tax is done this way to prevent pricing people out of their homes as they age. Property taxes are reevaluated whenever a home is purchased by a new owner.
With domains being a digital home, it seems it would make sense to have laws in place that would treat them the same way.
Given how expensive property is in much of California, I'm not sure that's the model to adopt.
Between the desperately slow web app and awful customer support, I don't understand how anyone uses or recommends namecheap.
Cloudflare is the go to unless they don't have the tld.
Careful with Cloudflare, they don't let you change nameservers[1]:
> Registrant agrees to use Cloudflare’s nameservers. REGISTRANT ACKNOWLEDGES AND AGREES THAT IT MAY NOT CHANGE THE NAMESERVERS ON THE REGISTRAR SERVICES, AND THAT IT MUST TRANSFER TO A THIRD PARTY REGISTRAR IF IT WISHES TO CHANGE NAMESERVERS.
So it's a no-go if you want to use Route 53 or something like that.
[1] https://www.cloudflare.com/domain-registration-agreement/
It’s so they can better MitM your traffic, for your protection.
You do not have to use their "cloud MitM" feature, it's just the NS that you can't change.
They could switch your A records and still MitM your whole site. Granted I’m sure that would only happen if their CEO was really mad, but it just requires too much trust for my comfort.
haha, wow... how shitty of them.
Cloudflare registrar is poor recommendation because you are forced to use Cloudflare dns.
I learned this the hard way when I had to use route 53 dns and had to wait 60 days to transfer.
I don’t know how this is allowed, registrars should be required to let you set custom dns.
Cloudflare has a history of randomly hijacking the site without notification if they don't like you. So no.
Only in extreme cases where their CEO disapproves of you.
The idea cloudflare binds you to cloudflare DNS, if you don't want to use it you are out of luck.
The problem* thanks auto correct.
I moved away from it many years ago.
To a French one =)
Hope you don’t mean Gandi. That went downhill even faster than namecheap.
https://arstechnica.com/civis/threads/psa-gandi-net-bought-o...
Veering on a tangent, I've been pretty happy with Netim as a French (not just .fr) registrar and replacement for Gandi.
Moved away from them in general two years ago. Their past behavior has shown a severe lack of care for their customer data[0].
Nowadays I use Porkbun + a local provider for the ccTLD belonging to my own country.
Perhaps a stark reminder that with cheap prices, you get treated like a cheap customer.
[0]: The CEO encouraging an activist hacker/criminal to pentest their webportal without any sort of contract or anything in place to prevent them from leaking out their findings and instead going by "lol, time to shitpost about it on twitter" energy is shameful.
Same here.
It's always been a worry of mine that I might have an issue with renewing some of the domains I really rely on, and that sorting out the problem might take longer than the amount of time I have left before it expires.
So one year, whenever a domain came up for renewal, I bought a two year renewal on it. And since then, I renew all my domains at the same time every year (first week of January, but you could do it any time) when there's between 1 and 2 years left on all of them. If there's ever a problem dealing with the renewal, I've got plenty of time to sort it out.
Yes, the registrar gets to keep (on average) 18 months worth of registration fees on account, as it were, but for me it's worth the peace of mind.
This. Waiting to renew a domain you rely on a few weeks or months before it expires is asking for trouble. Credit card issues, family tragedy, health problem will hit you eventually. Use a service that will renew automatically and/or schedule checks in your calendar.
> Don’t ever use namecheap for any kind of domains. It is the second worse domain registrar exists
When did this happen? Anecdotally, in recent years, I've seen namecheap be the primary recommendation for a domain registrar. When did the public opinion shift like this?
Yeah that was weird to hear. I’ve been using Namecheap for over ten years. I have around 100 domains. Had no issues, never transferred a domain tho.
I also don’t use any other services they have.
> I have around 100 domains. Had no issues
20+ years, fewer domains. Their expiration process is generous. That said, some international domains they sell have a poorly handled expiration process (as noted by the OP). Their upstream provider has a crappy+short grace system. I think NC could offset the harm by having the expiration 30+ days sooner but they don't.
> I also don’t use any other services they have.
I tried mail their mail hosting 10 years ago. They use an open source server and app plugin to mimic Outlook push. It was a disaster and my customer was not happy with me.
I stick to domains, DNS and DDNS now.
The truth of the matter is that namecheap does exactly what it says in the name. I rarely find a cheaper domain name elsewhere.
OP gave us good information on what to do if you’re in this situation but to be frank, the entire situation is their fault. If you are using a domain for your email you need to protect it with your life.
No working payment method no auto-renew, that’s on you. Namecheap emails you reminders at 30 days and 15 days ahead of time. “My phone was broken” is a lame excuse: get your ass to the library if you have to.
In my case, I bought my renewals numerous years ahead of time. The price is only going to get higher anyway, might as well buy them now.
When clicking on the link from my office (which happens to be in a data center) I get this:
> whoa there, pardner! Your request has been blocked due to a network policy. Try logging in or creating an account here to get back to browsing. If you're running a script or application, please register or sign in with your developer credentials here. Additionally make sure your User-Agent is not empty and is something unique and descriptive and try again. if you're supplying an alternate User-Agent string, try changing back to default as that can sometimes result in a block.
These kinds of blanket bans on data center IP's ignore the fact that real humans do use them. As for user-agent, I'm using Firefox on OSX with no user-agent obsfucation plugins.
My office switched to a cloud-hosted network proxy appliance for our internet access. We now get "access blocked" from dozens of websites, including from reddit, simply because the "edge" ip address is technically from a netblock assigned to a data centre.
I use a VPN, and I get the same message whenever I go on reddit. The old.reddit.com version still works though.
Fairly sure this is because of their API changes - maybe they don't want people scraping?
try running a VPN at home and routing through that
I'm trying to discourage others from breaking things with blanket IP bans.
My personal solution is to boycot companies that do this, and should they come up in conversation mention they arbitrarily block legitimate users from their services
Normal, it’s same in my company
Somewhat related, but does anyone know how to deal with a .us domain? There is no WHOIS privacy with that TLD. A few hours after I bought a .us domain, I started receiving phone calls from all over the world, literally every 5-10 minutes for days, offering services for my “new business” associated with the TLD.
Is there any way to keep legitimate contacts in the registrar without getting a ton of spam?
> Is there any way to keep legitimate contacts in the registrar without getting a ton of spam?
There is a ruling that prevents hiding the .us domain registration and contact information or using anonymizing proxy [1]
Your information must be public. Maybe you can try national do not call registry [2] and see if it helps in this particular case.
[1] https://www.washingtonpost.com/wp-dyn/articles/A7251-2005Mar...
For me the last straw was them just banning all Russian customers. I kinda get it, but I can't support that. I just want companies to provide services or goods in exchange for money. Not everyone has to save the world
Kinda hard providing service to X nationals while hiding in basement of your office building because X is attacking the very city you are in.
Namecheap had exactly that.
I'd say the ban was 100% justified.
I don't see the connection between a country and its (civilian) nationals. But to each their own, I mostly just don't want my domains to be suspended because of things my government might do or say or whatever
The nationals are the country and should take responsibility for their country's actions because it's effectively their actions.
Ah, yes, because those X barbarians live only in their X country and never ever leave it (except to attack the very city you are in).
Also the whole thing starts to stink when the company based in Phoenix, Arizona suddenly have 1700 staff nowhere in the US.
> I'd say the ban was 100% justified.
Well, of course, because it never can happen for you, because you are a proud member of a democratic civilization which never partakes in the wars, never brings someone to heel, never ever can be brought to ICC. Right?
if you have no connection to France you cant expect to be able to use that domain. The same is true pretty much for all national domains. Also eu. https://eurid.eu/en/register-a-eu-domain/brexit-notice/
Check tld-list.com and porkbun.com when looking for a domain to register, you'll often find cheaper than elsewhere
That said, I wouldn't use a registrar that didn't have good reviews, and I'd look at security policy, privacy policy, renew price, features list, and support options. Sometimes it's worth paying more.
After you have the domain, if it's important to you, try to get support to change it for you or recover your account without a valid email address. You'd be amazed how easy it is to compromise many registrars through support.
And set up auto renew... Once it's gone, you'll regret it.
They're trigger happy, see this [0].
I'd wager that was part of NC learning how to turn around their long history of being a safe registrar of crapware and malicious domains.
I nearly moved my domains away from NC 15 years ago, when I submitted documentation about key domains for malware distribution. NC support blew off my report because they weren't hosting the malware itself.
That long period of ugliness has gotten better.
Google domains was the best registrar while it lasted. Sad that Google killed it.
Gandi used to be great too, with free (or at least very cheap) mail servers too IIRC, then they were bought out...
edit: officially, merged with TWS
https://domainnamewire.com/2023/03/02/total-web-solutions-ac...
Gandi were bought out? By anyone reputable? I've got all my domains with them, I don't wanna get caught up in any shenanigans
They were bought by TWS and prices changed suddenly. Many things that were included with domains like email account became paid options, and expansive.
I had a dozen of domains with them for years (more than 15) and made a lot of people go to them. Yet, I moved everything out at that time, and helped friends and acquaintances to move out to. Staying there would have cost me several hundreds of additional euros per year. I move some of my domains to OVH, and some other to Infomaniak (I already had domains registered with both of them and am a very happy customer of both).
Shenanigans are forthcoming, guaranteed. I had 30+ domains with them, a client of 20 years and a true fanboy, referred dozens of friends. I wouldn't touch them with a long pole now. Moved all to Porkbun and INWX.
> Besides, Namecheap isn't cheap anymore. I've been using it for years but recently moved to Cloudflare as the renewal of my .com domain was 50% more expensive on Namecheap.
Reminder: move my domains from Namecheap to Cloudflare if prices are indeed lower.
Cloudflare sells domains at cost so yeah, they’re cheaper. Downside is they don’t have as extensive TLD support as Namecheap, but they’re slowly improving.
CloudFlare domains is a bit of an underbaked product, it's not bad but you should be aware that you cannot change your root nameservers . They must be CloudFlare. The only way to change them is to switch registrars.
Wanted to move away from Namecheap for quite some time tried some other registrars but not really happy (e.g. Porkbun) (Moved all my DNS to BunnyCDN at least).
I need PDF invoices with VAT/VAT-excemption sent to me for business reasons. Most have only an HTML which often gets wrangled with Print-to-PDF. Some don't have invoices at all :-(
[Edit] Got a comment on Reddit to try inwx.de - moved one domain, they seem to have PDF invoices in mail, 90s UI (which is a good thing ;-) and very technical status update messages (which is also a good thing)
I recently tried cloudflare domains and it works well, does what I need. On PC I can download the invoice as pdf.
Cloudflare forces you to use their dns. You can’t use route 53, for example. Which is shitty with domain transfer cool off periods.
I have this on my PDF OVH invoice file:
Invoice n°FRxxxxxxx of January 30, 2024 Total invoice excluding tax €4.99 VAT (20%) €1.00 Total invoice including tax 5.99
Subscription €7.79 Offers -€2.80 Price excluding tax €4.99 VAT (20%) €1.00 Total including tax €5.99
Thanks, does OVH send these invoices or do you need to log in?
I get a link by email, the PDF has to be retrieved from the web portal.
That PDF has my name and address at the top though.
Ok, thanks
Curious re Porkbun, what were the negative aspects of your experience?
No PDF invoices at that time.
I think it’s an Euro quirk. My .de domains can’t be renewed if they expire in less than 7 days.
Just don’t deal with euro domains. I learned it the hard way and moved to .com
I have a ton of Euro domains, and I've never heard of having to manually renew them within a specified time period.
I think this still depends on the registrar in question. Most of my domains are .be or .eu and they (thankfully) renew just fine even in the last minutes of the last hour before they expire (that was close).
Worst experience for me was .us. I bought three, don't know if they mentioned it at checkout, but those can only be registered by US citizens, which I am not. I could buy them, but after a couple months I received an email from the registry regarding one domain telling me to prove I was an US citizen. I couldn't, Namecheap support told me they couldn't help either. So the domain was suspended. A few days later they suspended the other domains which they found since they belonged to the same contact. Partly my fault for not reading the registry rules I guess but definitely a bad experience.
Is there any research out there that tracks how well companies are doing in customer service? I can't tell whether I'm getting old or whether the state of play has always been like this, but like the author I run into the following situation with alarming regularity:
Customer: I want to do X. (Note: very reasonable request)
Business: You can't do X.
Customer: Why?
Business: Reasons that I can't adequately disclose.
Its getting to a point where the business (or government agency) feels like its spending more time preventing you from doing reasonable thing rather than helping you. The authors case here is a good example. But is this new or has it always been this way?
I think that any service filling that role is likely to get hit with a terminal case of enshittification. There’s been a few services in a similar niche (glassdoor is a standout example) that eventually changed to the “as long as you’re paying us for an expensive corporate account, we’ll remove negative reviews if you complain about them” business model. The incentives are arranged to make it pretty much the only viable way to make money.
Domains is such a racket. On the retail side, there are too many entrants fighting over <$10/yr scraps like street vendors hawking knockoff DVDs. On the upstream side, there is a king rat of mafioso companies formed out of Byzantine M&As that is completely unreachable and unaccountable to anyone.
I know we all hated network solutions when it was the only game in town, but I’m not sure the current flea-market situation is a net improvement.
Isn't the real lesson "pay for multi-year registration"? Or "make sure your have auto-renew on"? Or perhaps "add funds to your account to pay for critical services"? Or even "put a reminder in your diary a month ahead of time"?
I get how crap Namecheap are - but presumably they send out reminder emails?
Same issue at enom for those domains. They have to be auto renewed by a date before the expiration date. Manual payment is not possible even before that date. If you miss it you can watch as the domain goes into redemption after the expiration date.
my worst domain story is of Gandi hosting microco.sm , the .sm is San Marino, and the domain costs €300 per year as a special business domain.
but... halfway through last year (in May) the domain was suspended, and as DNS caches expired the domain became increasingly unavailable.
I used microco.sm to host an OSS forum platform, and this instance runs over 300 domains.
what then happened was a scramble... Gandi support were effectively non-existent and I was against the clock for those caches expiring.
full incident thread written in public view: https://www.lfgss.com/conversations/386644/
I effectively cut over to a spare domain, but wow... 14h of incident, and about 1h3m of outage, but this was a SaaS platform that had run successfully for more than a decade prior... so that domain name was hard-coded everywhere, and I needed to change everything.
it's an insane DR recovery, I'm not sure losing your primary domain as a SaaS service is on anyone's failure mode, I'm pleased I could respond and get this done... but wow.
root cause? Gandi never said, but a few threads elsewhere on the internet from a few individuals impacted who were Italian suggested that Gandi had failed to pay their annual registration with nic.sm and so nic.sm suspended all .sm domains that Gandi managed... totally unbelievable and also very believable.
I tried to find info on this and ended up in a 2018 HN thread which links to a similar incident but with 101domain instead of Gandi: https://puri.sm/posts/the-great-purism-dns-outage-of-2018/
Makes me wonder if San Marino was at fault in both of these incidents.
looks like it... it looks like San Marino has a very solid response for lack of payment, and that is damaging to the real end users / customers of registrar services
I mean, don't use NameCheap period. Use AWS Route 53, Cloudflare Registrar, etc.
It might cost a few bucks more, but your cloud services provider isn't motivated to squeeze as much money out of you as possible during domain registration/renewal. Say goodbye to all the random upsells you don't need and say hello to straightforward domain/nameserver/DNS management.
Cloud providers make their money from compute, storage, and network. They're motivated to make domain management a good experience so people move/start more projects there.
Namecheap have been gaslighting people for years about implementing 2fa. When they finally rolled it out, it was a piece of crap in house built solution that couldn't properly send an SMS half the time. I remember them saying they were gonna roll out TOTP "in February" and five februaries past at which point route 53 was pretty mainstream so I moved all my domains.
Incredibly dishonest or incompetent company.
Route53 is by far the most expensive DR for all the tlds I looked at, was your only consideration convenience?
It also unfortunately doesn't support a lot of tlds. I have to use different registrars for that.
As far as I remember, the standard average price for a .com back then was like $10 and route 53 was $12. Wasn't a big problem considering how robust the dns panel was compared to everything else at the time.
For a business with only a few domains, but using AWS for any other services, the convenience of having them in Route 53 is worth the small additional cost.
Our most recent renewal cost $12.
Agreed - just mildly annoying it gets invoiced separately instead of being bundled in a monthly line-item, but I'm sure there's some contractual reason it has to be that way.
For reference, NameCheap TOTP released in 2018:
https://www.namecheap.com/blog/protect-account-totp-2-factor...
bummer. I haven't had trouble with their 2FA solution and in fact they were one of the first to implement (working + practical) FIDO support. IIRC, I turned that on even before Google.
that said, I haven't tried them for key recovery yet... and hope I never have to!