Domagon said:
Another aspect to consider is that checking 1 registrar for things amiss on a regular basis is a lot easier than checking 4 or whatever - on a related note, some people using numerous registrars run into problems keeping track of what they have, when they expire, keeping credit card updated, etc.
Ron
I'm not recommending it for everyone, and even at my the smallest, I have at least 400 domains. Until your portfolio is large enough to get good discounts at each, you're better price wise to consolidate them. However, multiple registrars also allows taking advantages of the specials at each as well. I find some are better for different TLD's than others. It also makes it fairly simple to trade when you have active accounts at the major ones. When I had to manually fix the whois, retrieve EPP codes and unlock over 500 names to get them out of Registerfly, I was glad I didn't have another 2000+ domains there. Also, if only one registrar is compromised, it reduces the amount you need to track down.
Spade said:
I think if you change your login/passwords from time to time, and are checking your account often. Your going to find its a smart/safe bet. Also, make sure your email addy is always uptodate and uniform. Make sure that if you use a domain as an email, that it doesnt expire! This seems to be a popular reverse hijacking tool...
Justin
A couple other safety tips:
If you own the domain your whois email is on, have it at a different registrar or different account at ther registrar than your portfolio. If they get your account, they could get your domain and move the mail to a new host.
Don't host your domain with the registrar where it's registered. If you lose the names, you also potentially lose your website host account, which may be needed to temporarily put up a site until you get your domains back.
Use a different email for the registrant and admin contacts. Each should get a message when a transfer request or expiration notice is sent, doubling your chance of catching something you didn't authorize or missing a renewal.
Use a monitoring service like domaintools or similar that will notify you when something in your whois record changes, including going into expiration status.
As many bad things registerfly did, there is one feature I miss there. They had a security message that you could set up that would email you any time your account was logged into and included the IP address that logged in. I had it notify me once of a login that wasn't mine and I immediately logged in and changed my password. I think the login ended up being support logging into my account for a support request, but it could have been a hacker just as easy. However, I changed my password within an hour or so of the unknown access.
