Two-Factor Authentication (2FA for short) is a good way to add an extra layer of security to your Discord account to make sure that only you have the ability to log in.
Important note: At the moment, you can only enable / disable 2FA on your account from the desktop app or modern browsers. Mobile users will have to access a computer to use 2FA. Only once though, we promise! =]
It's like having this guy guard access to your Discord account.
The Setup Process
Start by clicking the lil' cog down by your username and avatar.
DON'T GO ANYWHERE. You'll directly land on "My Account", which will offer Two-Factor Authentication right underneath your username/avatar/email info.
Once you click the enable button, you'll see a new 3 step prompt pop up. To begin the 2FA process, you'll either need to download Google Authenticator or Authy on your mobile device. Either one of these programs will work here.
Authenticate me, Google!
If you're using Google Authenticator, you'll be prompted to choose your input method, either scanning a barcode or entering a provided key:
Either one of these will work fine (since Discord provides both input methods) but keep in mind, Google Authenticator on Android will need you to install another barcode scanning app if you want to use that option. They require the ZXing Barcode Scanner app, which is totally fine and dandy:
Or, you can just input the code provided in Discord; no Barcode Scanner required.
Within Authy, you'll first need to enter your phone number and email to authenticate your phone:
You'll see a new pop-up with the option to verify via phone call or text message. Internal testing has yielded results that claim that the most recent smartphones are in fact capable of making and receiving phone calls, despite how rare this phenomenon appears.
Once you've authenticated your device, go ahead and press the "+" button in the center to add a new authentication account. Finally, you'll reach the "Authenticator Accounts" screen. You'll have the option to scan a QR code, or enter the code manually.
By our powers, combined!
Use Authy's (or Google Authenticator's) QR scanner on the QR code provided within Discord here:
This'll generate a 6 digit code that is the final piece to enabling 2FA in Discord. Enter it in, and you're good to go.
Seriously important stuff
Once you've enabled 2FA successfully, you'll have a fancy little box pop up with a couple suggestions to help make sure you can access your account in case of an emergency:
You did it!
You can now link your phone number to your account to help act as a backup method for obtaining 2FA codes. This is to help should you be worried about losing access to your authenticator app say by dropping your phone in water/lava/a hippo/etc.
Make sure to also download your backup codes. Keep them safe, and loved. Tuck a paper copy of them in your diary, or your dairy. Your choice.
I'll do it later!
Didn't have time to add your phone as back up? Forgot to download your backup codes? It's all good, You can still do this in your account settings! Your settings screen will now look like this:
Account Settings > My Account
Step 1. Click that 'Enable SMS Authentication' button.
Step 2. Verify that number in Discord.
After you have enabled SMS Authentication, your login screen will look like this:
Now when you login, if the feature is enabled, you will have a link to request an SMS with a code to authenticate yourself as a backup option.
Note: To download your backup codes, simply click on the 'View Backup Codes' button and enter your password. Should you ever have to reset 2FA on your account - make sure to save a new set of Backup Codes, as each set is unique to when you enable 2FA on your account.
Server owners also have an extra security lever they can pull to prevent unwanted perpetrators from causing havoc in their servers.
Why do we even have that lever? You'll find out shortly!
In your Server settings menu, you'll see a Moderation tab that allows you to require 2FA server-wide. While this doesn't require everyone that joins the server to have 2FA enabled, it does mean that anyone with admin powers won't get to use them unless they enable it. They'll see this pop up instead:
The specific permissions that are disabled ("Admin privileges") include:
Kick Members, Ban Members, Administrator, Manage Channels, Manage Server, Manage Roles, and Manage Messages.
Clicking the Resolve link in the popup will bring you directly to the security tab in your User Settings menu, where you can follow the above listed steps to get that set up and regain your Admin powers.