Keeping Discord Safe and Sound

Nelly, published in Discord Blog, Jun 2, 2016

Our blog has moved to our main website! Check us out on discord.com/blog to stay in the loop about future posts.

There have been a lot of security issues popping up on the internet lately, such as password leaks from LinkedIn and Myspace.

This is no bueno and we want to make sure that even if your password gets ripped from another service, you’re still protected on Discord.

So we did that yup.

If you’ve claimed your Discord account with an email and verified it, your Discord account is protected automatically with our IP Location Lock.

Furthermore, to make your account effectively impenetrable, you should also enable Two-Factor Authentication.

Read on for a quick explanation of how each of these features protects your account (plus some password tips at the bottom of this post).

IP Location Lock

When you sign in from an IP address that you have not used Discord from within the last 30 days, we’ll need to verify it’s legit. If this lock happens, we’ll send you an email to make sure it’s you. You click “yea boi it’s me whaddup” and then Discord lets you in.

This only works if you’ve claimed AND verified your account with an email because we can’t send you an email if we don’t have your email.

This also doesn’t really help if your email password is the same as your Discord account password. Please use separate passwords on different accounts. We’ll explain more in the Password Management section below.

If you’ve decided you like Discord, go to User Settings -> Account and then enter an email and password. Claim your account so we can keep you safe!!!!!!!!!!

Two-Factor Authentication (2FA)

The second security feature is called Two-Factor Authentication, arguably the best way to keep any internet sign-in you have secure.

Better than one and easier to manage than three, two factor requires you to enter the correct username and password and then authenticate the log-in by entering a code available on a separate phone or device.

Two-Factor is opt-in. You must turn this on in User Settings -> Security. We hiiiiiiiighly recommend this. Here are the steps:

  • Turn on Two Factor in User Settings -> Security
  • Download an authentication program like Google Authenticator for iOS or Android or Authy (Pro-Tip: Twitch uses Authy for their 2FA so you can have Discord and Twitch in the same place).
  • Hook up your Discord account to the app you downloaded with a QR code scan or by manually entering a code
  • Enjoy secure Discord access that requires you to enter a code from your phone when you try to log in

After turning 2FA on, you should grab some of the backup codes displayed on screen. These can be used in the event you misplace or lose your authentication app. This is important as it’s the only way to get into your account if you lose your auth app.

Note that turning on Two-Factor will disable the IP Location Lock since 2FA is way more legit.

Lastly, check out our support article on how to set up 2FA. It even details server-wide 2FA, which requires admins on your server to use 2FA as well.
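
The sign-in rules from the IP Location Lock and 2FA sections above, as an added Python sketch that is not Discord's code. The `Account` fields, the function names, the inclusive 30-day boundary and the choice to record an IP only after a completed sign-in are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta

# From the post: an IP counts as known if used "within the last 30 days".
WINDOW = timedelta(days=30)

@dataclass
class Account:
    email_verified: bool          # claimed AND verified, per the post
    totp_enabled: bool = False    # Two-Factor turned on in User Settings
    seen_ips: dict = field(default_factory=dict)  # ip -> last completed sign-in

def next_step(acct: Account, ip: str, now: datetime) -> str:
    """Decide what follows a correct password: 'totp', 'email' or 'allow'."""
    if acct.totp_enabled:
        return "totp"     # 2FA disables the IP Location Lock
    if not acct.email_verified:
        return "allow"    # no verified address to mail, so the lock cannot apply
    last = acct.seen_ips.get(ip)
    # Assumption: exactly 30 days old still counts as recent.
    if last is not None and now - last <= WINDOW:
        return "allow"
    return "email"        # unfamiliar or stale IP: confirm by email first

def complete_sign_in(acct: Account, ip: str, now: datetime) -> None:
    """Record the IP only after the required step succeeded.

    Recording it at password time would let a stolen password mark the
    thief's own IP as known on the first attempt.
    """
    acct.seen_ips[ip] = now
    for stale in [k for k, t in acct.seen_ips.items() if now - t > WINDOW]:
        del acct.seen_ips[stale]

if __name__ == "__main__":
    t0 = datetime(2016, 6, 2, 12, 0)          # constructed timestamps and IPs
    acct = Account(email_verified=True)
    home, cafe = "203.0.113.5", "198.51.100.7"
    print(next_step(acct, home, t0))                       # first sight of this IP
    complete_sign_in(acct, home, t0)                       # user clicked the email link
    print(next_step(acct, home, t0 + timedelta(days=29)))  # still inside the window
    print(next_step(acct, cafe, t0 + timedelta(days=29)))  # different IP
    print(next_step(acct, home, t0 + timedelta(days=31)))  # window expired
```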

Password Management

Passwords are supposed to be long and include tons of varied characters right!?@$34kjlsZ? Did you know that you shouldn’t re-use passwords either? In other words, your Discord password should be unique to Discord.

How do you remember so many different complicated passwords though? IF ONLY SOMETHING EXISTED TO SOLVE THIS PROBL —

Oh yo 1Password how you doin ;).

Password managers like 1Password or even LastPass will create complex passwords for you AND remember them. It’s extremely worth your time to set this up and pretty low-effort too.

TL;DR

If you do the following, it’ll be very difficult for someone to compromise your account:

  • Your Discord password should be unique to Discord and if it’s a word in the dictionary you’re doing it wrong
  • We recommend password managers like 1Password or LastPass which provide unique and complex passwords AND remember them for you
  • We now have an IP Location Lock which requires you to verify your log-in attempt from IPs we don’t recognize as ones you’ve used in the past 30 days. If you use Two-Factor Authentication, we’ll bypass this step.
  • We now have Two-Factor Authentication. Turn it on mkay?
  • Stay safe, fam.
