A Discord account is more than just your username and avatar: it’s your digital key to talking the night away with some of your closest friends and favorite communities. It’s how your day can transform from just another Tuesday night to one of your most cherished memories.
That’s why it’s important to keep your Discord account safe and secure, so you can always stay connected to the ones you care about the most. Over the years, baddies on nearly every social platform have gotten a bit more crafty when it comes to taking over accounts.
On Discord, you’ve got a few options at your disposal to keep your account secure. To start, any Discord account with a verified email address (so, basically all of ‘em) and no other security options enabled will receive Login Verification Emails if they try and sign in on a new location or device.
Furthermore, to make your account effectively impenetrable, you should absolutely enable Two-Factor Authentication (2FA) and consider SMS Backup Authentication in case something goes wrong.
Read on for a quick explainer of how each of these features protect your account, plus some general security tips at the bottom of this post.
What Everyone Gets to Start: Login Verification Emails
When you sign in from a new location that you haven’t used Discord at recently and you don't have 2FA enabled, we'll send out a Login Verification email that you can use to confirm the login location. You click “Verify Login” and then Discord lets you in. Easy as that!
Since it’s sent to your email inbox, it may not help much if your email password happens to be the same as your Discord account password (which is very bad for all sorts of reasons).
Please use separate passwords on all your accounts throughout the internet. We’ll explain more in the Password Management section.
What You SHOULD Use: Two-Factor Authentication (2FA)
The next security feature is called Two-Factor Authentication, arguably the best way to keep any internet sign-in you have secure.
Better than one and easier to manage than three, Two-Factor Authentication requires you to enter the correct username and password, and then verify the login by entering a code available on a separate phone or device running an authentication app. These codes change periodically, so you'll need your device near you so you can use the latest login code.
Two-Factor is opt-in. You must turn this on in User Settings -> My Account. We hiiiiiiiighly recommend this as it’s the best way to keep your Discord account secure.
Everyone should turn on 2FA! Including you! Here’s a quick overview of getting set up:
- First, download an authentication app like Authy or Microsoft Authenticator.
- With your 2FA app installed, open Discord and head into User Settings > Account.
- Connect your Discord account to your authentication app of choice with a QR code scan, or by manually entering a code if your QR scanner isn’t working.
- Confirm that things went smoothly by submitting your very first login code.
- Revel in the weight lifted off your shoulders knowing your account is more secure than ever before!
It’s a fairly smooth process as long as you’ve got what you need ready to go! For a more thorough step-by-step guide, we have a more intricate Help Center article over here.
After turning 2FA on, you should absolutely save your Backup Codes. These can be used in the event you misplace or lose your authentication app and are unable to receive SMS Backup Codes. We recommend storing them in a password manager. (What’s a password manager? We’ll discuss them in the Password Management 101 section.)
If you ever lose, forget or get your Backup Codes stolen when the shoebox under your bed goes missing, you can regenerate them in My Account > View Backup Codes > Generate New Backup Codes.
Looking for a good authentication app? You can use any app that supports time-based one-time passwords (TOTP), but below are a few great free choices:
- Authy, available on Android, iOS & desktop
- Microsoft Authenticator, available on Android and iOS.
- Google Authenticator, available on iOS and Android.
Important Note: Turning on Two-Factor Authentication will disable Login Verification emails.
What’s Good to Have: SMS Backup Authentication
Look, even if you’ve got the most secure combo of password and 2FA app imaginable, sometimes Wump Happens. Your laptop gets smashed as you pull a sick bike jump, or your phone tumbles one of those rain gutters that happens to be the exact size for a phone to fall in.
SMS Backup Authentication will let you receive one-time use codes via text message if your mobile authenticator is inaccessible. It’s optional, but it can help ease your worries if you’re stressed out about relying solely on an authenticator app to sign in each and every time, especially if you plan to switch to a different device down the road.
As a bonus, enabling SMS Backup Authentication helps fulfill requirements for servers that have their Verification Level for members set to the highest. If a community requires a phone number on your Discord account in order to participate, you’ll already be set to go!
Password Management 101
Before you verify your login location via email or use your 2FA code to log in, the first thing you’ll type is your password. Even with secondary login verification methods, it’s important to have a secure, unique password that you aren’t using anywhere else.
Even if you’ve got “th3_m0s7-s3cuRe_p422w0rd-u-cAN_m3mor1z3,” don’t count on that single password being your only one. Unfortunately, data breaches happening all over can expose your login information to anyone simply looking to gain access to random accounts across the ‘net, regardless of their intention.
We recommend checking your email or phone number on Have I Been Pwned, a site that can cross-reference emails and phone numbers with data breaches that have happened before. If your info pops up on a pwned website, you should consider any passwords you may have used there at risk and they should be updated or changed.
Thankfully, nowadays you don’t need to memorize that “s3cuRe_p422w0rd” nowadays: Password managers like 1Password, Dashlane, or LastPass will create complex passwords for you AND remember them for you.
You can even save your 2FA codes within some of these password managers, making these apps your one-stop shop to log in to Discord, and any other accounts you may have around the internet.
Of course, keeping your password AND your 2FA code in one service will make all your required login details easy to access in one location if a nefarious person somehow gains access to your password manager. If you want extra credit in Security 101, consider using a combination of a password manager and a separate authentication app.
Prefer to have your browser save your password? Most modern browsers, such as Chrome, Firefox, and iCloud Keychain for both macOS and iOS can help save your secure password without needing to download another manager. No matter what way you save your password, it’s going to be way better than one that’s your favorite color repeated three times.
Have Your Phone On You? Try QR Code Login!
If you’ve got your smartphone on you at all times, there’s a good chance that phone already has both Discord and your authentication app installed. After all, how else are you gonna check in on your friends on the go?
With QR Code Login, you won’t need to sign in using your email address, password, or one-time login code. It’s great for using Discord on a shared computer, or your secure password is dozens of random characters that can take minutes to transcribe.
As long as the device you’re using Discord for iOS or Android on has a camera, you can point it at your computer’s screen and use it to sign in to the desktop or web apps — it brings a new meaning to point-and-click!
Get the whole scoop on QR Code Login at the Help Center article here.
If you do the following, it’ll be very difficult for someone to compromise your account:
- Use a password for your Discord account that’s unique to Discord and if it’s just a word in the dictionary you’re doing it wrong.
- Enable Two-Factor Authentication to add an extra layer of security between you and your Discord account.
- Look towards password managers like 1Password, Dashlane, or LastPass to provide unique and complex passwords. They’ll even remember them for you!
- Consider setting up a phone number for SMS Backup Authentication should something go awry.
- Using a public or shared computer? Use QR Code Login to use Discord without typing your email or secure password on that machine. (You’re using a secure password, right?)
- Any time you’re done using Discord on a public or shared computer, be sure to sign out!!
- Never ever ever EVER open the Developer Console for any reason.
- We’ve got 2FA. Use, m’kay?
Even with all of the above, our final piece of advice is important enough to encompass your entire internet presence: never download and run any programs from people or sites you don’t trust! Even with the most secure password and 2FA setup and a real guard dog sitting on your keyboard, running malicious software can cause a whole lot of harm than just one lost account.
Above all, stay smart, stay vigilant, and stay safe out there. If something goes wrong, you can always reach out to our support team at dis.gd/support.