Recently a couple of notable streamers have had their Discord servers taken over and messed with. How did this happen? Not because of any exploit or hack, but because the streamers used the same password across all their sites, and services like Patreon, LinkedIn, and TeamViewer have all had data breaches. In response to the recent troubles, Discord has added a couple of new security features to help keep your account and servers safe.
Before doing any of this, you must verify your account. Go to your User Settings (cogwheel in the lower left corner by your username) and the Account tab is the first to open. Enter a password and verify your e-mail address.
Two-Factor Authentication (2FA)
This was just added in the latest Discord update, and is the strongest way to keep your Discord account secure. To enable it, open your User Settings and go to the Security tab. From here, you can enable 2FA using Authy.
Setting up 2FA on Discord
- Download Authy or Google Authenticator on your phone.
- Use the app to enter the code provided by Discord.
- You’ll see a list of backup codes that you can use should you not have access to your phone authenticator. You can download those, or write them down somewhere safe.
- Breathe easy knowing your account is much more secure.
Discord Server-Wide 2FA
Do you own a server that has users with administrative power? You might want to consider enabling two-factor authentication for your Discord server. To do this, open up your Server Settings and go to the Security tab. The server owner must have 2FA set up on their own account in order to enable or disable this feature for the server. Once it is enabled, users with administrative power will be forced to set up 2FA on their accounts and will temporarily lose their power until it is set up.
Note: This is not just for users that have the “Administrator” permission, but also users that can manage channels or members.
IP Location Lock
Hopefully you’ve enabled 2FA already, in which case you can skip this section: the IP Location Lock is disabled and unnecessary once 2FA is on. If for some crazy reason you don’t want to enable 2FA, Discord will use an IP Location Lock system to try to protect your account. When your account is logged in to from an IP location that Discord hasn’t seen from you in the last 30 days, you’ll receive an e-mail requiring you to verify that it’s actually you. Of course, if the passwords for your Discord account and your e-mail account are the same, this won’t be that helpful.
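The 30-day rule described above, as a small Python model. It is an added illustration, not Discord's code or anything from the Discord blog; the location key, the class and function names, and the rule that a location only counts as seen after e-mail verification are assumptions made for the example.

```python
from datetime import datetime, timedelta

WINDOW = timedelta(days=30)  # "last 30 days" from the article


class LocationLock:
    """Toy model of a per-account IP location lock (assumed design)."""

    def __init__(self, two_factor_enabled=False):
        self.two_factor_enabled = two_factor_enabled
        self.last_seen = {}   # location key -> time of last accepted login
        self.pending = set()  # locations waiting for e-mail verification

    def login(self, location, now):
        """Return 'allow' or 'verify_email' for a correct-password login."""
        if self.two_factor_enabled:
            # The article says the lock is disabled once 2FA is on.
            return "allow"
        seen = self.last_seen.get(location)
        if seen is not None and now - seen <= WINDOW:
            self.last_seen[location] = now  # refresh the 30-day window
            return "allow"
        self.pending.add(location)
        return "verify_email"

    def confirm_email(self, location, now):
        """The account owner clicked the link in the verification e-mail."""
        if location not in self.pending:
            return False
        self.pending.discard(location)
        self.last_seen[location] = now
        return True


def replay(events, two_factor_enabled=False):
    """Run constructed (day, action, location) events; return the decisions."""
    lock = LocationLock(two_factor_enabled)
    start = datetime(2024, 1, 1)
    out = []
    for day, action, location in events:
        now = start + timedelta(days=day)
        step = lock.login if action == "login" else lock.confirm_email
        out.append(step(location, now))
    return out


# Constructed sample: home logins, one unknown location, then a long absence.
SAMPLE = [(0, "login", "home"), (0, "confirm", "home"), (10, "login", "home"),
          (12, "login", "elsewhere"), (45, "login", "home")]
```

The day-45 login from "home" is challenged again because the last accepted login there was 35 days earlier. The challenge only helps if whoever is logging in cannot also read the e-mail account.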
These new Discord security features will greatly increase not only account protection but server protection. However, it’s up to the users to make the effort to enable 2FA on their accounts.
Source: Discord blog