You need to know there are two different ways to access your account:
● With your username/password
● With your token ID which bypasses your username/password
It's straightforward to protect your username/password (you can simply annotate it in a paper sheet). However, your token ID can be stolen anytime, just by following a malicious link, either sent from DMs directly or from a CAPTCHA of fake servers. For this, it is implicit you follow the next instructions.
Table of Contents
- Unhook the applications to your main Discord profile.
- Use/change to a strong account password.
- Enable 2 Factor Authentication.
- Set your privacy settings.
- Set a 2FA on the email account linked to your Discord profile.
STEP 1: Unhook the applications to your main Discord profile.
Follow the steps shown below (you won’t lose access to any bots you have installed in past servers; the only thing we will ensure is your profile is not attached to a potentially dangerous application).
STEP 2: Use/change to a strong account password.
Follow these guidelines:
● A mix of uppercase and lowercase letters;
● At least 1 number;
● At least 1 special character (! ? # $ % etc.)
● Do not use English words; use a random mix of characters (eg: Hw&Mx4@p5@FK);
● Do not use a password that you use anywhere else; use a unique password;
● Use a password manager like 1Password (Mac) or Dashlane (Windows).
STEP 3: Enable 2 Factor Authentication.
Just below where you change your password you will find the following:
Also, set the “SMS Backup Authentication” (this will require you to attach a phone number).
STEP 4: Set your privacy settings
We strongly recommend that you follow the steps TWO to FOUR shown in the following discord security post.
STEP 5: Set a 2FA on the email account linked to your Discord profile.
Typically, hackers are able to break the security of your Discord profile by getting your password from your email addresses too. To avoid that you could set a 2FA on the email account linked to your Discord profile. Check if your email is reported in data breaches: https://haveibeenpwned.com/ (if not, you can use it).
Last but not least, if you have arrived at this point, we want to say thank you for taking care of the previous measures. To guarantee the safety of our community this is not the end, but only the beginning.
Next: Read about how to hire the best mods and the best team to build up your community.