I have been reading a lot about domain thefts lately and even though it is not as prominent with .ca domains I strongly advice anyone with valuable domains to use Two-factor authentication.
In fact even two-factor does not go far enough, in case you lose your phone there is still a small chance something can go wrong.
I use something called Google Authenticator, which is an app that changes the authentication code every minute and will keep your account secure if someone should try to access it.
https://play.google.com/store/apps/details?id=com.google.android.apps.authenticator2&hl=en_CA&gl=US
GoDaddy is the most secure registrar I have dealt with, my account has the following...
- PIN Enabled
- Two-Factor Enabled
- Authenticator Enabled
The authenticator is very important because the domains that are getting stolen are being accessed through human error. The perpetrators collect a bunch of information on the domain holder and then they phone support saying they have no access to the account. The support team verifies personal information and grants access to the account. The thief now unlocks the domains and transfers them out.
With authenticator activated the support team will not talk to you until you give them the authenticator code. So the support team cannot be tricked by a sob story saying you lost the password.
Consider activating authenticator if you are with godaddy and ask your current register to get it if they do not have it available.