Protect Your Discord Account With Security Keys

Security / 2FA / By /

Last updated on January 26th, 2024 at 03:43 am

A phone with the Discord log in screen that reads "Welcome to Discord Join over 100 million people who use Discord to talk with communities and friends. Register. Login" Next to the phone are three security keys.
My Android phone and three security keys. Photo credit: Rebecca Lea Morris

Discord has recently rolled out support for security keys! If you don’t know, security keys are a physical device you can use to protect your accounts using two-factor authentication (2FA). They are the strongest form of 2FA available and the only form that is phishing-resistant.

In this post, I’ll show you how to lock down your Discord account with security keys and help you decide whether security keys are the right form of 2FA for you. 

You can also watch my short YouTube video to see how to set up security keys using the Discord mobile app.

Get our FREE guide & avoid 2FA errors!

Table of contents

Setting up security keys using the Discord mobile app

Let’s see how to set up security keys in Discord’s mobile app! I’ll be using an Android device, but the steps should be similar for iPhones as well.

First, make sure you have your security keys handy. Ideally, you’ll add at least two keys to your account so that you have a backup in case one gets lost. Otherwise, you could be locked out of your Discord account for good. 

Next, open the Discord app and tap your profile icon on the bottom right of the screen. Then select the settings icon on the top right and tap “account.” Scroll down to “Multi-factor authentication” and then select the “security keys” option.

Screenshots of Discord's UI showing how to navigate to the security key section.
Here’s a visual display of how to find the security key options. Screenshots edited in Canva.

Next, tap “Register a Security Key,” then select “Let’s go.” You’ll now be prompted to connect your key to your mobile device. How you’ll do this will depend on the key and mobile device you have.

For example, my security key has a USB-C connector which plugs directly into my phone. It also has NFC which I can use to connect it without having to plug it in. If your security key doesn’t fit your phone and doesn’t have NFC, you could connect it using an adapter instead.

A security key connected to an Android phone during the set up process with Discord.

If your security key has a light, it should start flashing once it’s connected. You’ll then need to push the button on your key. The position of the button can vary depending on the key you have. Mine is in the middle of the key, so you can’t miss it. 

Once that’s done, Discord will prompt you to give your key a name. You’ll want to name it something descriptive. I called mine “Rainbow key” due to how colorful it is. That way, if I ever lose it and need to delete it from my Discord account, I’ll know which key to delete!

You’ll then need to tap “Finish” and Discord will present you with several single use back-up codes. If you lose your security keys or they stop working, you’ll need to use these codes to get back into your Discord account. So, write them down and store them somewhere safe, like with your passport. 

You can then repeat the same process to add extra security keys to your account via the Discord mobile app. Or, you can follow the instructions below to add more using Discord on the web or the desktop app.

Setting up security keys in Discord in your browser or the desktop app

Let’s see how to set up security keys in Discord using your browser or the desktop app.

First, gather your security keys. It’s good practice to add at least two to your account, just in case one gets lost. Next, either open your browser and head over to discord.com or open the Discord desktop app. 

If you haven’t already, log in to your account and then select the “user settings” wheel icon at the bottom left of the screen. Scroll down to the “Password and authentication” section and then select the “Register a security key” button.

First click on the wheel icon to bring up the user settings. Then scroll down to find the "Password and Authentication" section. Finally, look for the "Register a security key" button in blue.
Screenshots edited in Canva.

Discord will then display a notice that says, “When you are ready to authenticate, press the button below.” Click “Let’s go.” 

A notice will then pop up with different options for setting up your security key. The exact options will differ somewhat depending on the device you use. For example, on Windows I’m given the option to create a key using a Windows Hello PIN or to use a security key. And on ChromeOS, I can choose to set up a passkey on a phone, tablet or the ChromeOS device itself, or use a USB security key.

Windows Security Popup: Set up Windows Hello to sign in to discord.com as REDACTED. This request come from Brave, published by Brave Software, Inc. PIN More choices PIN Security Key Select "Security Key"
Screenshot of the dialogue that pops up in Windows when you try to register a security key in Discord on the web or via their app.

Select the “security key” option. You’ll then be prompted to plug in your security key and, if it’s protected by a PIN code, you’ll be asked to enter that, too. Next, you’ll be prompted to tap the button on your key.

A finger tapping on a security key that is plugged into a red Chromebook.
Tapping the button on a security key on my Chromebook to better protect my Discord account. Photo credit: Rebecca Lea Morris

Finally, you’ll need to give your key a descriptive name. That way, if you ever need to remove it from your account (e.g. because you lost it), you’ll know which key to remove!

Once you’ve named your key, Discord will give you a list of backup codes. Make sure you write these down and store them somewhere safe. If you lose your key or it malfunctions, you’ll need a security key to regain access to your Discord account.

Download Backup Codes Without your backup codes, you are at risk of losing your account permanently if you lose access to your authenticator! Save these somewhere safe on and off your device to reduce the risk of loosing your account! Download backup covdes
Don’t forget your backup codes! Screenshot from Discord.

Once you’ve finished, you can go back and add more security keys to your account if you have them. Remember, it’s recommended to have at least two keys linked to your Discord account, just in case one gets lost.

Logging in with security keys

Logging in with a security key is simple. Enter your username and password as usual and then Discord will prompt you to authenticate using your security key. If your key is protected with a PIN, you’ll need to enter that first. Then, just tap your key and voilà, you’ll be logged in!

Removing security keys from your Discord account

If you’ve lost a security key that you linked to your Discord account, don’t panic! You can easily remove that key from your account, so long as you have a backup code, another key, or a different form of 2FA enabled on your account.

Security Keys Add an additional layer of protection to your account with a Security Key. OldBlueKey --> Edit/Delete RainbowKey BlueAgateKey
You can remove security keys added to your account. Screenshot edited in Canva.

To remove a key, head back to your account settings, scroll down to the multifactor authentication section and select “security keys.” You’ll see a list of names of the keys added to your account. Select the one you want to remove and hit “delete.” This will trigger a multi-factor authentication prompt. Once you’ve authenticated, the key will be deleted from your account.

Pros and cons of security keys

Security keys are the most secure form of 2FA you can get. They prevent even the most advanced phishing attacks from stealing your session token and giving hackers access to your account. 

Security keys are also, in my opinion, very easy to use. You just have to plug them in, tap them, and you’re in! But, they’re not for everyone. 

For starters, security keys are not free. The cheapest models cost around $25 each and the most expensive ones can cost over $100. Considering you should use at least two keys in case one gets lost, that means you’re looking to spend at least $50. For some people, that’s just too much.

Second, security keys are another physical device you’ll need to carry with you. If you hate the thought of this, or if you’re someone who loses things easily, security keys might not be the right option for you.

A photograph of a smart phone with ente Auth authenticator on top of a red Chromebook.
If you don’t like security keys, an authenticator app is another good option! Photo credit: Rebecca Lea Morris.

If security keys don’t seem like a good fit for you, an authenticator app is a solid alternative. While authenticator-based 2FA can still be phished, authenticators are widely regarded as a secure option for 2FA. 

Discord also offers SMS based 2FA, but I recommend you avoid this if you can. Receiving 2FA codes via SMS is not secure and comes with other, less obvious, risks as well.

The takeaway

Discord now supports the most secure form of 2FA: security keys! Unlike most forms of 2FA, security keys are not vulnerable to sophisticated phishing attacks that can steal session tokens and hijack your account. So if you use Discord for important projects, consider using security keys to give your account extra protection.

Avoid these 2FA mistakes Sign up for our free guide Plus receive weekly updates on security and privacy news Sign up!

Leave a Comment

Your email address will not be published. Required fields are marked *