Enable 2FA for Your Discord Account so You Don’t Get Phished

Illustration: DiscordThe good news? A recent phishing attempt hit Discord and only ensnared a small batch of users—around 2,500 in all. The bad news? There’s no easy tool to tell if you’re on that list, so you might as well take a moment to reset your password on the service right now. More important, it’s time to stop being lazy and enable two-factor authentication, which can help protect you from phishing attempts going forward.As Vice reported today, the list of suckered users is small, and even full of smart Discord users who realized they were being phished:“Some of the invalid login details are clearly fake, with emails such as ‘fucking@phish.io’ and the password ‘fucku,’ likely from people who are trying to provide the hackers with garbage data.”Unfortunately, there are also legitimate accounts on the list. Even if yours hasn’t been affected—and there’s a good chance you’re in the clear, especially if you haven’t supplied your Discord login and password to any website or service lately—moments like these are wonderful opportunities to consider your security practices:Are you using an easy-to-guess password?Are you using the same password on Discord you use for other services?Are you using a password manager to store the unique passwords you should be using for each service?Have you enabled two-factor authentication?Changing your password on DiscordTo change your Discord password, pull up the website or desktop app and click on the gear icon to the right of your name in the lower-left corner of the screen. Then, click on the Edit button in your “My Account” section:Screenshot: David MurphyFrom there, look for the “Change Password?” link. Click it, type in your current and new password, and click Save to confirm your change.Adding two-factor authentication to your Discord accountYes, Discord should email you whenever it detects a login attempt from a new IP address. It’s still a better practice to enable two-factor authentication, as anyone with access to your email—especially if you’ve been using the same password for multiple services—could approve the request. With 2FA, an attacker would need to physically be able to access your device and authenticator app to log in as you. While it’s still possible for an attacker to convince you to type your 2FA security code into a site or app that isn’t actually Discord, 2FA will at least help you stay a little safer—beyond that, the onus is on you to ensure you’re entering your credentials on the right site.To get started with 2FA on Discord, look for the Two-Factor Authentication section within the service’s “My Account” screen. Click the “Enable Two-factor Auth” button.Screenshot: David MurphyClick it, and you’ll be prompted with the standard QR code you should be used to seeing if you’ve enabled two-factor authentication for your other accounts (which you should do!). Scan it with your favorite authenticator app—we like Authy, but there are plenty of alternatives—and input the code it gives you to confirm it works.You’ll then be prompted to sign up for SMS Authentication as a backup method, which is less secure than a 2FA app. You’ll also be asked to download your backup codes, which you should absolutely do in case you lose access to the authenticator app and can’t log into Discord anymore.
Read More

from dailynews https://ift.tt/2GAlq2U
via IFTTT