It's worth pointing out just in case someone might forget/not think of it... Don't register your domain or DNS with Google Domains / GCP if you host your email with Google Workspace... since if you get locked out of the Google account you could be unable to update your DNS.

The saddest thing though is that in some ways Gmail is harder to hack into than some registrars. I remember a postmortem write-up from a guy who had his personal domain easily hijacked by social engineering someone at the domain registrar, which then served as the foothold of a larger identity theft attack against him. Google, by virtue of simply not even doing customer service, is much harder to social engineer, so the author of that piece pointed out that ironically if he'd put more of his eggs in the GOOG basket, he'd have been safer.

> Don't register your domain or DNS with Google Domains / GCP if you host your email with Google Workspace... since if you get locked out of the Google account you could be unable to update your DNS.

This seems like a potential rabbit hole.

Use a different domain with your registrar than the domain you’re registering. Same thing with DNS host. Do you have two domains with two registrars and two DNS hosts? Presumably if either one gets compromised, the control of one domain could be used to gain control of the other. And you’ve quadrupled your attack surface by having two domains with two registrars and two DNS providers.

I don’t disagree with you, but I also don’t know a robust solution for this (happy to hear one, if you have it).

There was also the time when the itch.io domain got nuked for a day because a copyright bot sent an automated complaint to the domain registrar and the registrar just immediately took the domain offline.