Most domain registrars provide this service for free to prevent domains from being stolen or transfered. But I do not understand why it is safe when people who can access to the domain account also can turn this off (release the Locked) themself. It means that if anyone has my account password, he also can releases the locked domain and transfers it to any where he wants. So I wonder how Registrar Lock service can protect my domains?
If domain is locked by reseller or registrar, it cannot be unlocked by you. domain lock has 2 levels.
Thank you. So how to unlock in this case? And I still see registrar like Godaddy, Namecheap (and most registrars, if I am not wrong) say users can lock and unlock anytime they want through Account Manager. And practically we can do that easily.
Think of that as a "belt and suspenders" approach. If your belt fails, your suspenders keep your pants up, heh. That lock thing does seem pointless at first for the reason you stated. However, one scenario where that may work is if someone requests to transfer your domain name without breaking into your domain account. That assumes, though, that the person also controls the email address on record.
You are exactly correct. Registry-level locking only helps insomuch as you keep your registrar account safe. If someone gains access to your registrar account, they will likely be able to unlock your domains, change WHOIS and also retrieve the EPP transfer code. Those things are enough to transfer your domain away to a different registrar, in essence costing you your domain. Some registrars provide additional security In the event your account is improperly accessed. For example, I use NameSilo and they offer Domain Defender (http://www.namesilo.com/Support/Domain-Defender). I would also recommend selecting a registrar that offer two-factor authentication. Here is a list: http://www.domaininvesting.com/domain-registrars-that-offer-two-factor-authentication/.