Two-Factor authentication is what can keep your information secure on the internet. Also abbreviated as 2FA, this system exists to combat cyber crime. In this day in age, it isn’t enough to just have a username and password. Your private data may be at risk!
What is Two-Factor Authentication?
At it’s most basic, two-factor authentication requires the user to confirm their identity in more than one way. If you haven’t used it online yet, you may have used it already offline. If you have used a debit card to make a purchase, your first factor was the card itself, and the second was your PIN.
Logging in to your favorite website or app with two-factor authentication will be very much the same. Generally you need to log in with your account information, then receive a code via app or text message on your phone, that you need to type in on the app you’re trying to log into.
The essence of 2FA is that the second layer of verification involves something that only you would know, or that only you would have (such as your phone, or your fingerprint).
Types of Factors
Two-factor authentication can be achieved in a variety of ways. Some can combine digital and physical, even, for maximum security.
Knowledge factors are things that only you know. This could be as simple as a password, including a PIN, and it is expected that the user memorizes this. Secret questions like “Where did you go to high school?” are not ideal for this, because those things can be known by a lot of other people.
Possession factors are things that you physically possess. An actual key is the best example of this, and is essentially what this token is. In some cases this could actually just be a real key. It could also be something in a USB device, or a chipped ID card. These tokens may be connected or not connected to the computer itself.
Now we’re getting fancy. Inherence factors go beyond a physical token (which someone could theoretically steal from you) and rely on parts of your body! These biometrics include fingerprint scanners, retina scanners, and voice and facial recognition.
Two-Factor Authentication on Phones
Most two-factor authentication that takes place on an app like Discord is going to be done through your mobile phone. When logging in on desktop, you can receive a randomly generated, one-time-use password via text message or push notification. This is very convenient for most people, as smartphones are carried around everywhere! It’s a token that people always have with them.
Unfortunately, there are some security concerns with this kind of authentication, as an SMS message could be intercepted. The other problem is that if a phone is stolen, a thief could use all of the logged-in apps to take advantage of authentication services sending notifications to the same phone.
However, on the plus side, phones are carried all the time, randomly generated codes are very secure, and those codes expire after use.
How Discord Uses 2FA
Discord includes optional two-factor authentication. By default, it is turned off, but desktop users can easily switch it on from their My Account settings. It will prompt you to download Google Authenticator or Authy on your phone. Discord will provide you a code and a barcode, either of which will work to set up the authentication.
Next, you will use the authenticator app to scan a QR code provided by Discord. The QR code will generate a 6-digit numerical code to type back into Discord on the desktop.
After that, Discord lets you add your phone number and download backup codes to access your authenticator app if you lose your phone. You can do these things at any time if you don’t want to right away.
Next time you log in to Discord, you will see a screen that prompts you to send a code to your mobile device by text message. This will authenticate yourself.
2FA on Servers
You can also use two-factor authentication on servers. This doesn’t mean that everyone in the server needs to use it. Just those with admin powers will be required to use 2FA in order to moderate the server. This means that everyone that has special privileges on the server won’t cause issues if their accounts are compromised.
Now that you know all about two-factor authentication, we strongly recommend that you use it on all of the apps and websites you use, beyond just Discord. This level of security is essential when hackers and data breaches are common. The user needs to do all they can to protect themselves and their data.