Overview
Before making any changes to a customer's account, identity must always be verified. This protects the customer from unauthorised access and protects us from liability. Never skip or rush verification, even if the customer seems frustrated.
Step 1 — Send a Verification Code
Always start by sending a one-time security code to the customer's registered email or phone number. Ask the customer which method they currently have access to before sending.
- Email code — sent to the registered account email
- Phone code — sent via SMS to the registered mobile number
- Some accounts require TWO codes (email + phone, or email + authenticator app)
💡 If the customer has an AOL or external personal email on the account, send the code there — it won't be affected by any issues with their business email.
Step 2 — Code Not Arriving?
If the customer says the code hasn't arrived, work through the following before escalating:
- Ask them to check spam and junk folders
- Confirm the phone number or email on the account is correct
- Ask them to check signal strength if using SMS
- Try the alternative method (phone instead of email, or vice versa)
- Wait a few minutes and try again — codes can occasionally be delayed
⚠️ If codes consistently fail to arrive after multiple attempts, escalate to L2. Do not attempt to bypass verification.
Step 3 — Account Has 2FA / Authenticator Issues
If the customer is locked out due to a 2FA or authenticator app issue, this is outside L1 scope. Escalate to L2 immediately — do not attempt to disable or work around 2FA from your end.
Step 4 — Customer Can't Access Account Email or Phone
If the customer cannot access either verification method, do not attempt to send codes to unverified external addresses. Direct them to the account recovery portal:
- Account login or email issues — select "Account Access"
- Domain-specific access needed — select "Domain Access"
- 2FA is the specific problem — select "2-Step Verification"
💡 Account Recovery Portal: https://supportcenter.123-reg.co.uk/accountrecovery
Step 5 — Resetting the Password
Once identity is verified, you can reset the account password or WordPress admin password depending on what the customer needs:
- Account password — use the admin backend to trigger a reset or update directly
- WordPress password — access via hosting panel, locate the WordPress install, and reset the admin user password from there
- Always confirm the new credentials back to the customer clearly before closing the chat
Step 6 — Updating Account Details
If the customer wants to update their login email, phone number, or personal details after verification, direct them to:
- Client Area > Account Settings > My Profile
- If updated details don't show immediately, advise clearing cache and cookies and checking the top right person icon in the Client Area
⚠️ Never confirm registrant details from L1 — all personal details including email, phone, and owner name are censored for security reasons.
Common Pitfalls
- Sending code to wrong method without asking customer first
- Skipping verification because customer seems genuine
- Attempting to bypass 2FA instead of escalating to L2
- Resetting password before confirming identity is fully verified
- Sending verification codes to unverified external email addresses