[Blog] Securing your Discord Account

Discussion in 'Empire News' started by MoreMoople, Jan 15, 2023.

  1. Fred_TWK, Tbird1128, khixan and 9 others like this.
  2. interesting
    easy, tl;dr (too long; didn't read) version:
    • Don't use a common password (i.e. 12345678, or a password containing your personal information).
    • If you can't remember, use a password manager (LastPass, Google password, integrated into Google Chrome, Edge password manager, mykl, etc.) and be sure your password is secure for the account that stores your passwords.
    • Saw those ads that say something about "free Discord Nitro" or "get those vouchers for free"? Don't click them. It would breach your account easily.
    • Be vigilant. Don't give out your personal info to others easily (aka random). Extremely sensitive info like your house address, your phone number, and email shouldn't be revealed to the public.
    607, AnonReturns and MoreMoople like this.
  3. I don’t think my password is common. AncientTower124 can fool a lot of people with that cause instead of 123 it’s 124.. Ha, Bazinga!
    607, HazardousCode, triphora and 2 others like this.
  4. 2FA all the way!
    Joy_the_Miner and MoreMoople like this.
  5. Very good article. :)

    I'd have a few comments to make it slightly better.

    This has been shown to be less safe than using just a few random characters. Dictionary attacks exist nowadays, and having the words related to each other makes the attack easier. See for example here.

    This is valid only if you're concerned about "Evil maid attacks", i.e. you're concerned that someone with physical access to your desk will steal the passwords, otherwise it is a safe practice.
    Overall, if the choice is between having easy-to-remember passwords or written-down hard-to-remember complex passwords, the second wins.
    Using a manager is a more robust solution, of course, particularly if you need to log in from different devices that are in different locations (home/work/school/library).

    The absolute best would be to use a fob such as yubikey, but the app is a very good second. And not all apps/websites support fob-based 2FA.

    Sidenote:

    If your main email account does not support 2FA, move to one that does, and change your accounts so that they are connected to this new email.
    Email compromise is fairly low-hanging fruit that gives malicious actors access to all the accounts you have connected to that address. And with email access they can reset the passwords, many times with the possibility to circumvent your 2FA settings.
    607 and MoreMoople like this.
  6. I have been using "pizzas" as my password for something for the past 12 years. Nobody has guessed the password yet :)
    FadedMartian and MoreMoople like this.
  7. :eek::confused:
    farmerguyson and FadedMartian like this.
  8. I knew that was you, margaritalover420
  9. + 100

    Truer words could not be said.

    About 2 years ago, a friend of mine was hacked, and the hacker was actively using his account while my friend was online using it as well. The hacker promoted that "Steam Account" scam in every server I was in with him, as well as sending it to me multiple times. I responded and called out the hacker and he shut up. --- My friend, however, was surprised this was happening, as it left no paper trail for him, since Discord allows multiple devices to access the same account without booting the others off. He didn't have 2FA enabled. Long story short, I spoke to him and he didn't think he would ever need it, but he has it enabled now! :D
    MoreMoople likes this.
  10. Indeed. I do personally often use words, but I make sure to mix different languages and a non-dictionary word or two and make a nonsensical phrase, such as (this is not an actual password of mine) "Zwei Twix amongst jongleren :o". Still makes it much, much easier to enter (if you can't copy) than random letters, but hopefully there are no dictionary attacks that would catch this one yet.
    MoreMoople and Fred_TWK like this.