How to Set Up 2FA on Discord with an Authenticator App

Discord account hijacking is one of the most common attacks in online communities. Compromised accounts are used to spread phishing links, scam server members, and steal Nitro subscriptions. If you moderate a server, Discord requires 2FA for administrative actions. Even if you don’t, protecting your account takes under three minutes.

Why Bother with 2FA on Discord?

• Account takeover is common. Discord phishing attacks (fake “free Nitro” links, QR code scams, malicious bots) are widespread. 2FA stops most of them cold.
• Server admins need it. Discord requires 2FA for moderators and admins who want to perform administrative actions on servers with 2FA enforcement enabled.
• Your account has value. Even a personal account holds your DM history, server memberships, payment info, and social graph.

What You’ll Need

• A Discord account
• A phone with an authenticator app (FactorCat, Google Authenticator, or any TOTP-compatible app)
• Access to Discord on desktop or browser (easier to set up than mobile, but mobile works too)

Step-by-Step Setup

1. Open User Settings

Click the gear icon next to your username (bottom-left on desktop, or tap your avatar on mobile → Settings).

Navigate to “My Account.”

2. Enable Two-Factor Authentication

Scroll down and click “Enable Two-Factor Auth.”

Discord will ask you to enter your current password to confirm.

3. Scan the QR Code

Discord displays a QR code and a 2FA secret key below it.

Open your authenticator app:

• In FactorCat: Tap + → Scan QR Code. The token is added and labeled “Discord” automatically.
• In other apps: Use the add/scan function.

Can’t scan? Click “Enter the key manually” and type the 2FA secret into your authenticator app.

4. Enter the Verification Code

Type the 6-digit code currently shown in your authenticator app. Click “Activate.”

5. Download Backup Codes

Discord will show you a set of backup codes. Save these immediately:

• Screenshot them or copy to a secure location
• Each backup code works only once
• If you lose your phone and don’t have these codes, recovering your Discord account is extremely difficult — Discord’s support process for 2FA removal can take weeks and requires identity verification

6. Done

2FA is now active on your Discord account. You’ll need a code from your authenticator app each time you sign in on a new device or browser.

Enabling 2FA Enforcement for Your Server

If you own or administrate a Discord server, you can require 2FA for all moderators:

1. Open Server Settings → Safety Setup (or Moderation)
2. Enable “Require 2FA for moderator actions”

When enabled, any moderator without 2FA will be unable to delete messages, kick/ban members, or change server settings until they enable 2FA on their own account.

Using 2FA Day-to-Day

Desktop and Browser

When signing in, enter your password, then the 6-digit code from your authenticator app. If you use an authenticator with browser auto-fill (like FactorCat), the code fills in automatically.

Mobile

The Discord mobile app will ask for a 2FA code when you sign in. You’ll need to switch to your authenticator app, copy the code, and switch back. (Or use FactorCat, which handles this with a push notification.)

Common Gotcha: Discord QR Login

Discord allows signing in by scanning a QR code displayed on the desktop app with your phone. This bypasses 2FA entirely — be cautious. Never scan a Discord QR code that someone else sends you. This is the #1 Discord phishing attack vector.

Tips

• Don’t fall for “Discord Nitro” scams. If someone sends you a link claiming free Nitro, it’s almost certainly phishing. These links lead to fake Discord login pages designed to steal your credentials and 2FA codes.
• Be wary of bot DMs. Legitimate Discord bots don’t ask for your password or 2FA codes.
• Review authorized apps. Check Settings → Authorized Apps periodically and revoke any you don’t recognize.

Next Steps

Discord secured. Keep going:

• Set up 2FA on Instagram — high-value target for hijacking
• Set up 2FA on Google — if your Discord account uses Google sign-in, protect the source
• Set up 2FA on Fortnite / Epic Games — same 2FA setup, plus free in-game rewards

---

Tired of switching between Discord and your authenticator app? FactorCat sends a push notification to your phone when Discord asks for a code. Tap approve, and the code fills in automatically. Two seconds, no app switching.