🔐PSA: Enable Registry Lock on your domains
If you own an online business or host your email on a custom domain, you should enable Registry Lock.
Employees at registrars like GoDaddy and Namecheap often have access to customer domains to help with support issues. They can modify nameservers or even transfer away your domain.
It's more common than you think. They get hacked, socially engineered, etc.
Once your domain falls into the wrong hands, you're screwed.
All your emails can be rerouted. Consequently all your online accounts can be hijacked.
If it's a domain for an online business, all your customers are at risk due to your negligence. (Hope you have a good lawyer!)
Your only defense is to enable Registry Lock which will require manual identity verification by Verisign before even your registrar can transfer your domain.
More info here: krebsonsecurity.com/2020/01/does-your-domain-have-a-registry-lock/
Note that "Registry Lock" and "Registrar Lock" are two different things. The latter also helps secure your domain, but your registrar still has full control and remains a liability.
Registry Lock isn't free. By design, it cannot be automated. So it requires manual labor from your registrar. Manual labor is costly. So you'll need to pay for it. But it's worth it.
Namecheap: Offers Registry Lock for $20/mo as part of their Domain Vault option. namecheap.com/security/domain-vault/
Cloudflare: Offers it to customers on the Enterprise plan. cloudflare.com/en-gb/products/registrar/custom-domain-protection/
GoDaddy: lol