[Discuss] Domain Registrar (and DNS) Recommendations?

[kentborg at borg.org (Kent Borg)]

I'm interested in registrar security. Reliability and good price would 
be nice, but mostly I want a secure registrar. That is, one that will no 
let someone hijack my domain ownership nor my DNS.

Rationale:

In my computer life I realize the worst weak spot is accounts that 
decide to use SMS for account recovery. They think they are being all 
secure and doing two-factor, but cellphone accounts are easy to hijack, 
and then whoever can the right bribe a clerk at a cellphone store can 
steal any accounts for sites run by stupid people who think SMS is 
secure. Other than trying to never give out my phone number, etc., I 
don't know how to avoid this. Grrr.

The second worst weak spot is account recovery via e-mail. (And 
more-and-more simply account login is being done by e-mail??more 
stupidity.) I do my own e-mail, so this one is on me?

Okay, the first link in that chain is control of my domain. Which means 
if someone can hijack my domain, I could be in trouble. Similarly, I 
don't do my own DNS, so if someone can hijack my DNS, I could be in trouble.

So I need a registrar (and DNS provider) that has good security in 
general, and good policies about transferring domains, and of course, 
account recovery.

At the moment I am using godaddy.com for my e-mail domains. But I'm 
worried about godaddy. Recently I registered a new domain with them and 
once I made the purchase they sent me down an up-sell chute and did 
their *very* best to not let me out. Clicks that were not part of their 
sales process didn't do anything! I finally escaped by logging out 
(killing my browser, which I have carefully contrived to clear all 
cookies and get me back to a known state).

That left a very bad taste in my mouth. So I figure as my various 
domains (mostly borg.org) come up for renewal I should transfer them to 
someplace better. But what is better?

Desired features:

- Domain registrar.

- DNS service (same or different provider).

- Very picky domain transfer security.

- Very picky account recovery security.

- Very picky security in general??they themselves should not be likely 
to be broken into.

And, I suppose it would be good to finally join the two-factor religion,
at least in this one case, and have my account access require I possess
my Yubikey, or my backup Yubikey, so:

- Yubikey 2 factor.


Yes, Godaddy can do Yubikeys, but I don't immediately see that I can 
have a backup Yubikey??not sure how that works??and they seem to also 
really want customers to set up the Authenticator app for them, but I 
don't want that, I don't like cellphones being treated as the universal 
basket that everything must be put in.


Suggestions?


-kb, the Kent who wonders whether Google, in the business of selling 
domains for commercial cloud users, might be better.