Last updated on November 22nd, 2023 at 12:55 pm
Discord has recently rolled out support for security keys! If you don’t know, security keys are a physical device you can use to protect your accounts using two-factor authentication (2FA). They are the strongest form of 2FA available and the only form that is phishing-resistant.
In this post, I’ll show you how to lock down your Discord account with security keys and help you decide whether security keys are the right form of 2FA for you.
You can also watch my short YouTube video to see how to set up security keys using the Discord mobile app:
Table of contents
- Setting up security keys using the Discord mobile app
- Setting up security keys in Discord in your browser or the desktop app
- Logging in with security keys
- Removing security keys from your Discord account
- Pros and cons of security keys
- The takeaway
Setting up security keys using the Discord mobile app
Let’s see how to set up security keys in Discord’s mobile app! I’ll be using an Android device, but the steps should be similar for iPhones as well.
First, make sure you have your security keys handy. Ideally, you’ll add at least two keys to your account so that you have a backup in case one gets lost. Otherwise, you could be locked out of your Discord account for good.
Next, open the Discord app and tap your profile icon on the bottom right of the screen. Then select the settings icon on the top right and tap “account.” Scroll down to “Multi-factor authentication” and then select the “security keys” option.
Next, tap “Register a Security Key,” then select “Let’s go.” You’ll now be prompted to connect your key to your mobile device. How you’ll do this will depend on the key and mobile device you have.
For example, my security key has a USB-C connector which plugs directly into my phone. It also has NFC which I can use to connect it without having to plug it in. If your security key doesn’t fit your phone and doesn’t have NFC, you could connect it using an adapter instead.
If your security key has a light, it should start flashing once it’s connected. You’ll then need to push the button on your key. The position of the button can vary depending on the key you have. Mine is in the middle of the key, so you can’t miss it.
Once that’s done, Discord will prompt you to give your key a name. You’ll want to name it something descriptive. I called mine “Rainbow key” due to how colorful it is. That way, if I ever lose it and need to delete it from my Discord account, I’ll know which key to delete!
You’ll then need to tap “Finish” and Discord will present you with several single use back-up codes. If you lose your security keys or they stop working, you’ll need to use these codes to get back into your Discord account. So, write them down and store them somewhere safe, like with your passport.
You can then repeat the same process to add extra security keys to your account via the Discord mobile app. Or, you can follow the instructions below to add more using Discord on the web or the desktop app.
Setting up security keys in Discord in your browser or the desktop app
Let’s see how to set up security keys in Discord using your browser or the desktop app.
First, gather your security keys. It’s good practice to add at least two to your account, just in case one gets lost. Next, either open your browser and head over to discord.com or open the Discord desktop app.
If you haven’t already, log in to your account and then select the “user settings” wheel icon at the bottom left of the screen. Scroll down to the “Password and authentication” section and then select the “Register a security key” button.
Discord will then display a notice that says, “When you are ready to authenticate, press the button below.” Click “Let’s go.”
A notice will then pop up with different options for setting up your security key. The exact options will differ somewhat depending on the device you use. For example, on Windows I’m given the option to create a key using a Windows Hello PIN or to use a security key. And on ChromeOS, I can choose to set up a passkey on a phone, tablet or the ChromeOS device itself, or use a USB security key.
Select the “security key” option. You’ll then be prompted to plug in your security key and, if it’s protected by a PIN code, you’ll be asked to enter that, too. Next, you’ll be prompted to tap the button on your key.
Finally, you’ll need to give your key a descriptive name. That way, if you ever need to remove it from your account (e.g. because you lost it), you’ll know which key to remove!
Once you’ve named your key, Discord will give you a list of backup codes. Make sure you write these down and store them somewhere safe. If you lose your key or it malfunctions, you’ll need a security key to regain access to your Discord account.
Once you’ve finished, you can go back and add more security keys to your account if you have them. Remember, it’s recommended to have at least two keys linked to your Discord account, just in case one gets lost.
Logging in with security keys
Logging in with a security key is simple. Enter your username and password as usual and then Discord will prompt you to authenticate using your security key. If your key is protected with a PIN, you’ll need to enter that first. Then, just tap your key and voilà, you’ll be logged in!
Removing security keys from your Discord account
If you’ve lost a security key that you linked to your Discord account, don’t panic! You can easily remove that key from your account, so long as you have a backup code, another key, or a different form of 2FA enabled on your account.
To remove a key, head back to your account settings, scroll down to the multifactor authentication section and select “security keys.” You’ll see a list of names of the keys added to your account. Select the one you want to remove and hit “delete.” This will trigger a multi-factor authentication prompt. Once you’ve authenticated, the key will be deleted from your account.
Pros and cons of security keys
Security keys are the most secure form of 2FA you can get. They prevent even the most advanced phishing attacks from stealing your session token and giving hackers access to your account.
Security keys are also, in my opinion, very easy to use. You just have to plug them in, tap them, and you’re in! But, they’re not for everyone.
For starters, security keys are not free. The cheapest models cost around $25 each and the most expensive ones can cost over $100. Considering you should use at least two keys in case one gets lost, that means you’re looking to spend at least $50. For some people, that’s just too much.
Second, security keys are another physical device you’ll need to carry with you. If you hate the thought of this, or if you’re someone who loses things easily, security keys might not be the right option for you.
If security keys don’t seem like a good fit for you, an authenticator app is a solid alternative. While authenticator-based 2FA can still be phished, authenticators are widely regarded as a secure option for 2FA.
Discord also offers SMS based 2FA, but I recommend you avoid this if you can. Receiving 2FA codes via SMS is not secure and comes with other, less obvious, risks as well.
Discord now supports the most secure form of 2FA: security keys! Unlike most forms of 2FA, security keys are not vulnerable to sophisticated phishing attacks that can steal session tokens and hijack your account. So if you use Discord for important projects, consider using security keys to give your account extra protection.