Two-Factor Authentication (2FA for short) is a good way to add an extra layer of security to your Discord account to make sure that only you have the ability to log in.
Important note: At the moment, you can only enable / disable 2FA on your account from the desktop app or modern browsers. Mobile users will have to access a computer to use 2FA. Only once though, we promise! =]
It's like having this guy guard access to your Discord account.
The Setup Process
Start by clicking the lil' cog down by your username and avatar.
DON'T GO ANYWHERE. You'll directly land on "My Account", which will offer Two-Factor Authentication right underneath your username/avatar/email info.
Once you click the enable button, you'll see a new 3 step prompt pop up. To begin the 2FA process, you'll either need to download Google Authenticator or Authy on your mobile device. Either one of these programs will work here.
Authenticate me, Google!
If you're using Google Authenticator, you'll be prompted to choose your input method, either scanning a barcode or entering a provided key:
Either one of these will work fine (since Discord provides both input methods) but keep in mind, Google Authenticator on Android will need you to install another barcode scanning app if you want to use that option. They require the ZXing Barcode Scanner app, which is totally fine and dandy:
Or, you can just input the code provided in Discord; no Barcode Scanner required.
Within Authy, you'll first need to enter your phone number and email to authenticate your phone:
You'll see a new pop-up with the option to verify via phone call or text message. Internal testing has yielded results that claim that the most recent smartphones are in fact capable of making and receiving phone calls, despite how rare this phenomenon appears.
Once you've authenticated your device, go ahead and press the "+" button in the center to add a new authentication account. Finally, you'll reach the "Authenticator Accounts" screen. You'll have the option to scan a QR code, or enter the code manually.
By our powers, combined!
Use Authy's (or Google Authenticator's) QR scanner on the QR code provided within Discord here:
This'll generate a 6 digit code that is the final piece to enabling 2FA in Discord. Enter it in, and you're good to go.
Seriously important stuff
Once you've enabled 2FA successfully, you'll see an option for "view backup codes" in the "My Account" tab. You'll need to re-enter your Discord password to see them. These can be used in an emergency to log back into Discord if you lose your phone or delete your authentication app for some reason (but don't do that. seriously). These codes are one-time use each. If you run out of these codes, you can click the Generate Codes button again to re-roll a new set, but doing so will render the previous list obsolete, so be 100% sure to keep the latest set somewhere safe.
No seriously, store them where you'll remember them. These are your last chance to recover your Discord account. We won't be able to help you if you lose these codes.
Server owners also have an extra security lever they can pull to prevent unwanted perpetrators from causing havoc in their servers.
Why do we even have that lever? You'll find out shortly!
In your Server settings menu, you'll see a Moderation tab that allows you to require 2FA server-wide. While this doesn't require everyone that joins the server to have 2FA enabled, it does mean that anyone with admin powers won't get to use them unless they enable it. They'll see this pop up instead:
The specific permissions that are disabled ("Admin privileges") include:
Kick Members, Ban Members, Administrator, Manage Channels, Manage Server, Manage Roles, and Manage Messages.
Clicking the Resolve link in the popup will bring you directly to the security tab in your User Settings menu, where you can follow the above listed steps to get that set up and regain your Admin powers.