Cold Accounts
Cold owner/admin accounts are critical for securing your Discord server!
If your server is ever compromised, the first step (of several) is to have every admin/mod reset their password, which regenerates their Discord user token and can kick the hacker out of a compromised account.
The Good Knight team's opinion is that this is the single most important concept for Discord security. Any account with Administrator permissions is a high value target for hackers since it allows a user to add/remove bots, webhooks, channels, users, and messages in addition to tagging @everyone. A hacker with these permissions can stop many mitigation attempts and can nuke a server. If the hacker compromises the owner account, it's basically all over for the server.

What is a Cold Account?

Every user that has Administrator permissions (owner/admin) in a server should have two accounts
  • Cold Account - The account with Administrator permissions. This account is only online to complete major server management tasks like adding bots, managing webhooks, or adding/deleting channels. Otherwise, the account is offline (cold 🥶)
  • Hot Account - The account that a server owner/admin uses for day-to-day Discord activity. This account should not have Administrator permissions

Why have multiple Cold Accounts?

While you can just use a single Cold Owner account and avoid assigning Administrator permissions to anyone else, that may leave your server vulnerable if a hacker strikes while you're asleep. It is recommended to set up multiple Cold Admin accounts to cover all time zones.

How to setup a Cold Account

It can be as easy as creating a second Discord account, but secure servers will require a few extra steps. If server 2FA is enabled, any user with moderation power must have two-factor authentication enabled. This means that both your Cold Account and Hot Account will need 2FA. Discord requires a phone number to set up 2FA and will not let you use a number more than once, which means you'll need access to a second phone. Note: most VoIP numbers don't work.

Example Role Hierarchy

Below is a theoretical role hierarchy for a Discord server.
  • Cold Admins are at the top. Users with the Cold Admin role are the only users that should have the Administrator permission. The Cold Server Owner account does not need a role because it has the highest level by default
  • Good Knight bot is next, above the other bots
  • Other security and moderation bots are 3rd. These bots may require Administrator permissions. If any bot is above Good Knight, there's a risk that a hacker could use that bot to kick Good Knight!
  • Staff and Moderators follow. These are active team accounts that should not have Administrator permissions but may have access to security and moderation features through bot commands
  • The general server Members follow and should have the minimal permissions needed
  • Other Bots are last. The bots in this category have specialized use cases like memeing, website feeds, games, etc. In most cases, it is best practice not to create a special role for these bots. Instead, add them to the Members role and address their permissions individually.
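The hierarchy above can be checked mechanically. The following is an added example, not Good Knight's own code: it audits a list of role objects shaped like Discord's "Get Guild Roles" response (name, position, permissions as a decimal bitfield string, and the managed flag that marks bot roles) and flags roles that break the layout described on this page. The role data is constructed inline so the script runs offline; the permission bit values are Discord's documented ones.

```python
# Discord permission bits (from the Discord developer docs).
ADMINISTRATOR = 1 << 3
MANAGE_GUILD = 1 << 5
MANAGE_WEBHOOKS = 1 << 29
KICK_MEMBERS = 1 << 1
MANAGE_MESSAGES = 1 << 13
VIEW_CHANNEL = 1 << 10


def role(name, position, perms, managed=False):
    """Build a dict shaped like a Discord role object; 'managed' is True for bot roles."""
    return {"name": name, "position": position, "permissions": str(perms), "managed": managed}


# Constructed sample hierarchy (higher position = higher in the role list).
# Two deliberate mistakes: ModBot sits above Good Knight, and the Staff role
# (held by day-to-day "hot" accounts) carries Administrator.
SAMPLE_ROLES = [
    role("Cold Admin", 7, ADMINISTRATOR),
    role("ModBot", 6, ADMINISTRATOR, managed=True),
    role("Good Knight", 5, ADMINISTRATOR, managed=True),
    role("Staff", 4, ADMINISTRATOR),
    role("Moderators", 3, KICK_MEMBERS | MANAGE_MESSAGES),
    role("Members", 1, VIEW_CHANNEL),
    role("@everyone", 0, 0),
]


def has_perm(r, bit):
    return int(r["permissions"]) & bit != 0


def audit_roles(roles, cold_roles, security_bot="Good Knight"):
    """Return a list of findings; an empty list means the hierarchy matches this page's layout."""
    findings = []
    bot_pos = next((r["position"] for r in roles if r["name"] == security_bot), None)
    if bot_pos is None:
        findings.append(f"{security_bot} role not found in guild")
    for r in sorted(roles, key=lambda r: r["position"], reverse=True):
        admin = has_perm(r, ADMINISTRATOR)
        # Only Cold Admin roles (held by cold accounts) should carry Administrator.
        if admin and not r["managed"] and r["name"] not in cold_roles:
            findings.append(f"{r['name']}: human role holds Administrator but is not a Cold Admin role")
        # Any other bot above the security bot could be used to kick it.
        if r["managed"] and r["name"] != security_bot and bot_pos is not None and r["position"] > bot_pos:
            findings.append(f"{r['name']}: bot role sits above {security_bot} and could be used to kick it")
        # Server and webhook management are cold-account tasks, not staff/member permissions.
        if not admin and not r["managed"] and (has_perm(r, MANAGE_GUILD) or has_perm(r, MANAGE_WEBHOOKS)):
            findings.append(f"{r['name']}: non-admin role can manage the server or webhooks")
    return findings


if __name__ == "__main__":
    for finding in audit_roles(SAMPLE_ROLES, {"Cold Admin"}):
        print(finding)
```

To run it against a real server, replace SAMPLE_ROLES with the JSON array returned by the guild roles endpoint; the field names used here match that response.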