password

description of the Good Knight /password-manage and /password-reset commands

Never share your Good Knight password with anyone!

Never post your password ANYWHERE within discord, even in DMs

Only use your password when executing a Good Knight command

Good Knight will never unexpectedly ask for your password

Command

/password-manage

/password-reset <@user>

tl;dr

Set, edit, and reset passwords & tokens

Description

This command allows the server owner, Good Knight admin, and Good Knight mods to set their password and one-time token, depending if the server requires a password, one-time token, or 2FA. The user's password/token is used to access most of the Good Knight commands.

Passwords & tokens are user-specific — you will never have to share passwords & tokens to obtain Good Knight access
Passwords & tokens are server-specific — if you're a Good Knight mod in multiple servers, you can set a different password & token in each
Passwords are one-way hashed — your password can never be leaked, even if a hacker breaches our database. See Is My Password Safe? for more info
Accounts lock after 3 failed password attempts — only the server owner can unlock the account by resetting their password
Tokens are one-time use — your token changes every 30 seconds and can only be accessed through your authenticator app. See Is My Password Safe? for more info
Tokens are usable with any authenticator app — Good Knight supports authenticator apps like Google Authenticator, Microsoft Authenticator, and Authy

⚠️ Remember to keep your Good Knight password & token safe! It's your last line of defense against any hacker. Never post your password or token anywhere within discord and never provide it to any user or bot, unless it's the result of a Good Knight command that you initiated. The Good Knight will never unexpectedly ask you for your password or token. If your account is compromised, the hacker will be able to see your messages, DMs, and even slash command inputs. This is why the Good Knight modals (pop-up boxes) are the ONLY way info can be hidden from a hacker that has compromised your account

The password command gives you access to several options based on your current status and permissions

Before using any protected Good Knight commands, you will be required to set a password and/or token. You will follow this process the first time you use /password-manage after being given access to the bot or if your password & token were reset.

Password:

If your server requires a password or 2FA, the password must follow these complexity rules:

⚠️ do not use your discord password!

After you execute the /password-manage command, you will be presented with this pop-up to set your new Good Knight password

Timed One-Time Token:

If your server requires a one-time token or 2FA, you will need to register your secret key with an authenticator app:

You have two options to register with your authenticator app, either through a QR code or directly from the secret key.

After following the secret key registration options, click Verify and enter your timed one-time token to confirm that you're set!

⚠️ QR codes can be dangerous! This is the ONLY time Good Knight will show you a QR code. Do not scan unexpected QR codes

It's a great idea to periodically update your password. To change your Good Knight password, you must know your previous one. After executing the /password-manage command you will be prompted with this pop-up

Your new password must follow the complexity rules described in the Set Password tab.

For one-time tokens, you cannot change them with this command. The only way to change your authenticator app token is to ask your server owner to reset it with the /password-reset command

Only the server owner or Good Knight admins can use this command

If a user forgets their password/token, or to unlock an account after 3 failed password attempts, the server owner or Good Knight admins can reset the password & token.

⚠️ Be very careful! Hackers may try to social engineer the owner account into resetting a user's password & token. It's recommended to wait 24 hours to fulfill a reset request and/or request proof using an alternate media platform

To reset a user's password & token, execute the /password-reset command along with mentioning the target user

After the user's password & token are reset, they will be able to use the /password-manage command.