The Good Knight team's opinion is that this is the single most important concept for Discord security. Any account with `Administrator` permissions is a high-value target for attackers, since it lets the holder add or remove bots, webhooks, channels, users, and messages, and tag @everyone. `Administrator` also bypasses every channel-level permission overwrite, so there is no channel you can lock such an account out of. An attacker holding these permissions can block most mitigation attempts and can nuke a server. If the attacker compromises the owner account, it is essentially over for the server: the owner outranks every role, cannot be kicked or banned, and is the only account that can delete the server or transfer ownership.
Every user that has `Administrator` permissions (owner/admin) in a server should have two accounts:
- Cold Account - The account with `Administrator` permissions. This account is only online to complete major server management tasks like adding bots, managing webhooks, or adding/deleting channels. Otherwise, the account is offline (cold) 🥶
- Hot Account - The account that a server owner/admin uses for day-to-day Discord activity. This account should not have `Administrator` permissions.
While you can just use a single Cold Owner account and avoid assigning `Administrator` permissions to anyone else, that leaves your server exposed if an attacker strikes while you are asleep. It is recommended to set up multiple Cold Admin accounts, held by different people, to cover all time zones.
It can be as easy as creating a second Discord account, but for secure servers it will require a few extra steps. If the Require 2FA for Moderator Accounts setting is enabled in the Safety Setup tab, any user with moderation permissions must have two-factor authentication enabled on their own account before they can use them. This means that both your Cold Account and your Hot Account need 2FA (the server owner must already have 2FA enabled to turn the setting on). We highly recommend enabling this setting.
Also, we recommend adding a phone number to the cold account. Discord has been known to suspend new accounts that take over server ownership without phone verification. This means you'll need access to a second phone; note that most VoIP numbers are rejected. If your server's Verification Level is set to Highest, Discord will require a verified phone number on your alternate account, and it will not let the same number be used on more than one account.
Below is a theoretical role hierarchy for a Discord server, listed from highest position to lowest. Position matters as much as the permissions themselves: a user or bot can only kick, ban, or assign roles to members whose highest role sits below its own highest role, so whatever is above a bot in this list can remove that bot.
- Cold Admins are at the top. Users with the Cold Admin role are the only users that should have the `Administrator` permission. The Cold Server Owner account does not need a role because the owner has every permission by default and outranks every role regardless of position.
- Good Knight bot is next, above the other bots
- Other security and moderation bots are third. These bots may require `Administrator` permissions. If any bot is above Good Knight, there is a risk that an attacker who controls that bot (through its commands or a stolen bot token) could use it to kick Good Knight, because a bot can act on any member whose highest role is below the bot's own. ⚠
- Staff and Moderators follow. These are active team accounts that should not have `Administrator` permissions but may have access to security and moderation features through bot commands.
- The general server Members follow and should have the minimal permissions needed
- Other Bots are last. The bots in this category have specialized use cases like meme-ing, website feeds, games, etc. In most cases it is best practice not to create a special role for these bots. Instead, add them to the Members role and grant the few extra permissions each one needs individually, rather than giving the whole category broad permissions.
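To make the hierarchy above checkable rather than just a picture, here is an added example (written for this guide, not Good Knight's own code) that audits a role list and member list in the shape the Discord API returns them and reports every deviation from the ordering above. The role names, the cold-account user IDs, and every sample record are constructed assumptions; the permission bit values are Discord's real flags. The sample deliberately contains three mistakes (a Moderators role that carries `Administrator`, a meme bot placed above Good Knight, and a hot account that inherits `Administrator` through that role) so you can see what the findings look like.

```python
"""Offline audit of a Discord role hierarchy against the cold-admin ordering.

Added example for this guide, not Good Knight's code. Input is shaped like the
Discord API's GET /guilds/{id}/roles and GET /guilds/{id}/members responses,
but every record below is constructed by hand. Role names and the cold-account
user IDs are assumptions; the permission bits are the real Discord flags.
"""

# Real Discord permission flags (bit positions from the API documentation).
KICK_MEMBERS = 1 << 1
BAN_MEMBERS = 1 << 2
ADMINISTRATOR = 1 << 3
VIEW_CHANNEL = 1 << 10
SEND_MESSAGES = 1 << 11
MANAGE_MESSAGES = 1 << 13
READ_MESSAGE_HISTORY = 1 << 16
MANAGE_ROLES = 1 << 28

# Assumed policy, mirroring the hierarchy described above.
COLD_ADMIN_ROLES = {"Cold Admin"}       # the only roles allowed to outrank Good Knight
SECURITY_BOT_ROLES = {"Security Bots"}  # may carry Administrator, but must sit below Good Knight
GUARD_BOT_ROLE = "Good Knight"          # role held by the Good Knight bot
COLD_ACCOUNT_IDS = {"100"}              # user IDs of the registered cold accounts (assumed)
ADMIN_ALLOWED_ROLES = COLD_ADMIN_ROLES | SECURITY_BOT_ROLES

# Constructed sample. Discord sends permissions as decimal strings and ranks
# roles by "position" (higher = more senior); "@everyone" is always position 0.
EVERYONE = str(VIEW_CHANNEL | SEND_MESSAGES | READ_MESSAGE_HISTORY)
ROLES = [
    {"id": "0", "name": "@everyone",     "position": 0, "permissions": EVERYONE},
    {"id": "1", "name": "Members",       "position": 1, "permissions": "0"},
    # Mistake 1: a staff role that was handed Administrator.
    {"id": "2", "name": "Moderators",    "position": 2, "permissions": str(KICK_MEMBERS | MANAGE_MESSAGES | ADMINISTRATOR)},
    {"id": "3", "name": "Security Bots", "position": 3, "permissions": str(ADMINISTRATOR)},
    # Good Knight's own permissions are an assumption for the sample.
    {"id": "4", "name": "Good Knight",   "position": 4, "permissions": str(KICK_MEMBERS | BAN_MEMBERS | MANAGE_ROLES)},
    # Mistake 2: a fun bot given its own role and dragged above Good Knight.
    {"id": "5", "name": "Meme Bot",      "position": 5, "permissions": "0"},
    {"id": "6", "name": "Cold Admin",    "position": 6, "permissions": str(ADMINISTRATOR)},
]
MEMBERS = [
    {"user": {"id": "100", "username": "alice-cold", "bot": False}, "roles": ["6"]},
    # Mistake 3: the hot account inherits Administrator through Moderators.
    {"user": {"id": "101", "username": "alice-hot",  "bot": False}, "roles": ["1", "2"]},
    {"user": {"id": "200", "username": "GoodKnight", "bot": True},  "roles": ["4"]},
    {"user": {"id": "201", "username": "MemeBot",    "bot": True},  "roles": ["1", "5"]},
]


def guild_permissions(member, roles_by_id, everyone_perms):
    """Base guild permission bits as Discord computes them: @everyone OR every
    role the member holds. If ADMINISTRATOR is among them, Discord treats the
    member as having every permission; this audit only needs the raw bits."""
    perms = everyone_perms
    for rid in member["roles"]:
        perms |= int(roles_by_id[rid]["permissions"])
    return perms


def top_position(member, roles_by_id):
    """Position of the member's highest role (0 if they only hold @everyone)."""
    return max((roles_by_id[rid]["position"] for rid in member["roles"]), default=0)


def audit(roles, members):
    """Return human-readable findings; an empty list means the server matches the policy."""
    by_id = {r["id"]: r for r in roles}
    everyone_perms = int(next(r["permissions"] for r in roles if r["name"] == "@everyone"))
    guard_pos = next(r["position"] for r in roles if r["name"] == GUARD_BOT_ROLE)
    guard_id = next(r["id"] for r in roles if r["name"] == GUARD_BOT_ROLE)
    findings = []

    for r in roles:
        # 1. Administrator only on Cold Admin roles and security bots that need it.
        if int(r["permissions"]) & ADMINISTRATOR and r["name"] not in ADMIN_ALLOWED_ROLES:
            findings.append(f"role {r['name']!r} carries Administrator but is not a Cold Admin or security-bot role")
        # 2. Nothing except Cold Admin roles may outrank Good Knight.
        if r["position"] > guard_pos and r["name"] not in COLD_ADMIN_ROLES:
            findings.append(f"role {r['name']!r} sits above {GUARD_BOT_ROLE} and could be used to remove it")

    for m in members:
        user = m["user"]
        perms = guild_permissions(m, by_id, everyone_perms)
        # 3. Only registered cold accounts may end up with effective Administrator
        #    (catches a hot account that inherits it through some other role).
        if perms & ADMINISTRATOR and not user["bot"] and user["id"] not in COLD_ACCOUNT_IDS:
            findings.append(f"human {user['username']!r} has effective Administrator but is not a registered cold account")
        # 4. Any other bot whose top role outranks Good Knight can kick it,
        #    even with no dangerous permission bits of its own beyond kick.
        if user["bot"] and guard_id not in m["roles"] and top_position(m, by_id) > guard_pos:
            findings.append(f"bot {user['username']!r} outranks {GUARD_BOT_ROLE} and could kick it")

    return findings


if __name__ == "__main__":
    for line in audit(ROLES, MEMBERS):
        print("FINDING:", line)
```

To run this against a real server, replace `ROLES` and `MEMBERS` with the JSON your bot fetches from the two endpoints named in the docstring and adjust the assumed role names and cold-account IDs to match your server. Check 2 is role-based and check 4 is member-based on purpose: the first catches a rogue role, the second catches a bot that was simply handed an existing senior role such as Cold Admin.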