Protect your Discord account with a Security Key

Martin Brinkmann
Dec 16, 2023

Users of the chat app Discord may now protect their accounts using security keys. The developers of Discord have added the option to the existing arsenal of multi-factor authentication options that the service supports.

Used by over 500 million users worldwide, Discord is a lucrative target for malicious attacks such as phishing. Discord users are encouraged to enable two-factor authentication to better protect their accounts against phishing and other account-targeting attacks.

Up until now, users could use an authenticator application to add this second layer of security to the account. This system works through third-party authentication apps, such as Google Authenticator, Microsoft Authenticator, Aegis or Authy, that generate temporary codes when opened. Discord requests the code after username and password have been checked successfully. The user needs to type the code to gain access to the account.

Attackers who manage to obtain the username and password, for instance through phishing, still need the temporary code to sign in to the account.

WebAuthn is a new security standard that is establishing itself as an alternative to using temporary codes. It offers several advantages, but there are also disadvantages that users need to be aware of.

The main idea is that the security key, also known as a passkey, is generated on the user's device. A public part of the key is transferred to Discord; a private part stays on the user's system. While that sounds complicated, it is not. Systems like Windows Hello or Apple Face ID / Touch ID support this functionality, but you can also use hardware keys if you prefer that.

Options include Google's updated Titan Security Key, YubiKey devices or Thetis.

One of the main disadvantages is that Security Keys are not yet supported everywhere. It may also be difficult to synchronize data between devices if no hardware key is used. Some password managers already support storing passkey data, including Bitwarden and NordPass Password Manager.
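The public/private key split described above, as an added example (not Discord's code and not part of the original article): a simplified Node.js model of the check a service performs on a WebAuthn sign-in. The origins under `.example`, the helper names and the key pair are constructed; a real browser and authenticator would additionally refuse to sign for a mismatched site in the first place.

```javascript
// Added example: simplified model of a WebAuthn sign-in (assertion) check.
// Origins, helper names and the key pair are constructed for illustration.
const nodeCrypto = require('node:crypto');
const sha256 = (data) => nodeCrypto.createHash('sha256').update(data).digest();

// Registration: the key pair is created on the authenticator; the service
// stores only the public key.
function registerAuthenticator() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return { authenticator: { privateKey }, storedPublicKey: publicKey };
}

// Browser + authenticator: sign over the page's actual origin and the server challenge.
function signIn(authenticator, pageOrigin, rpId, challenge) {
  const clientDataJSON = Buffer.from(JSON.stringify({
    type: 'webauthn.get',
    challenge: challenge.toString('base64url'),
    origin: pageOrigin, // filled in by the browser, not by the page's script
  }));
  // authenticatorData: rpIdHash (32 bytes) | flags (1 byte) | signCount (4 bytes)
  const authData = Buffer.concat([sha256(rpId), Buffer.from([0x05]), Buffer.alloc(4)]);
  const signature = nodeCrypto.sign('sha256',
    Buffer.concat([authData, sha256(clientDataJSON)]), authenticator.privateKey);
  return { clientDataJSON, authData, signature };
}

// Server: accept only the fresh challenge, the expected origin and a valid signature.
function verifySignIn(resp, storedPublicKey, expected) {
  const client = JSON.parse(resp.clientDataJSON.toString('utf8'));
  if (client.type !== 'webauthn.get') return 'bad-type';
  if (client.challenge !== expected.challenge.toString('base64url')) return 'bad-challenge';
  if (client.origin !== expected.origin) return 'bad-origin';
  if (!resp.authData.subarray(0, 32).equals(sha256(expected.rpId))) return 'bad-rp-id';
  const signed = Buffer.concat([resp.authData, sha256(resp.clientDataJSON)]);
  return nodeCrypto.verify('sha256', signed, storedPublicKey, resp.signature) ? 'ok' : 'bad-signature';
}

function demo() {
  const { authenticator, storedPublicKey } = registerAuthenticator();
  const challenge = nodeCrypto.randomBytes(32);
  const expected = { origin: 'https://chat.example', rpId: 'chat.example', challenge };
  const genuine = signIn(authenticator, 'https://chat.example', 'chat.example', challenge);
  // Constructed look-alike site: its origin is embedded in the signed data.
  const relayed = signIn(authenticator, 'https://chat-login.example', 'chat-login.example', challenge);
  const replayed = verifySignIn(genuine, storedPublicKey, { ...expected, challenge: nodeCrypto.randomBytes(32) });
  return { genuine: verifySignIn(genuine, storedPublicKey, expected),
           relayed: verifySignIn(relayed, storedPublicKey, expected), replayed };
}
```

Unlike a typed temporary code, the signed response carries the origin it was produced for and a one-time challenge, so the server can reject a response made on another site or reused from an earlier session.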

Registering a security key on Discord

[Screenshot: Discord Register a security key]

Setting up a security key to protect a Discord account is a straightforward process. Here is what you need to do:

  1. Visit the Discord website and sign in to your account.
  2. Open the User Settings on the site.
  3. Scroll down the page that opens -- My Account -- until you come to the Security Keys section.
  4. Activate the "Register a Security Key" button to start the process.
  5. Type the account password when prompted to do so.
  6. Activate the "Let's Go" button on the next page of the process.
  7. The "Choose where to save this passkey" prompt lists several options. You may use a mobile device to save the passkey or a security key. Select Security Key and click Next to proceed.
  8. Select OK on the next screen to confirm setting up the security key.
  9. You are now prompted to insert the security key into a USB port.
  10. You may be asked to tap on a button on the hardware key to confirm the process.
  11. Select a PIN and confirm it.
  12. Name the Security Key.
  13. You should now get a "2FA is activated" prompt. There you have the option to download backup codes. These can be used instead of the security key. They are a last resort, for instance when the security key gets damaged or lost. Save them to a secure place, e.g., a password manager or encrypted partition.
  14. This is all there is to it.

You should see the following screen now when you go back to the My Account section in Settings.

[Screenshot: Discord Setup Security Key]

Discord should confirm on the page that two-factor authentication is enabled. You should also see the option to view backup codes and that a security key is assigned to the account.

When you sign in from now on, you are prompted to use the security key to verify the process after you provide the username and password of the account.

Now You: do you use security keys / passkeys already?

Publisher: Ghacks Technology News

Comments

  1. Brett said on December 21, 2023 at 10:53 pm
    This is great news, I guess? But it’s not clear whether or not Discord will allow QR code sign in if you use a security key. My guess so far is that it will allow QR code login.

    Currently, I am already logged in to Discord on my phone, but if someone else has my phone, they can log in as me on any computer, WITHOUT USING ANY USERNAME, PW, OR 2FA that I have already set up with Authy. That is pathetic security. Why bother with Authy at all?

    I want to know, before I buy a Yubikey ($50) or the like, will this stop QR code login? There is currently no option to disable QR code login, so I doubt it.
