Cold Accounts

Cold owner/admin accounts are critical for securing your Discord server!

If your server is ever compromised, the first step (of several) is to have every admin/mod reset their password. A password reset regenerates that user's Discord token and can kick the hacker out of a compromised account.

The Good Knight team's opinion is that this is the single most important concept for Discord security. Any account with Administrator permissions is a high-value target for hackers, since it allows a user to add/remove bots, webhooks, channels, users, and messages, in addition to tagging @everyone. A hacker with these permissions can stop many mitigation attempts and can nuke a server. If the hacker compromises the owner account, it's basically all over for the server.

What is a Cold Account?

For every user that has Administrator permissions (owner/admin) in a server, it is recommended that they have two accounts:

  • Cold Account - The account with Administrator permissions. This account is only online to complete major server management tasks like adding bots, managing webhooks, or adding/deleting channels. Otherwise, the account is offline (cold 🥶).

  • Hot Account - The account that a server owner/admin uses for day-to-day Discord activity. This account should not have Administrator permissions.

Why have multiple Cold Accounts?

While you can just use a single Cold Owner account and avoid assigning Administrator permissions to anyone else, that may leave your server vulnerable if a hacker strikes while you're asleep. It is recommended to set up multiple Cold Admin accounts to cover all time zones.

How to set up a Cold Account

It can be as easy as creating a second Discord account, but for secure servers it will require a few extra steps. If the Require 2FA for Moderator Accounts setting is enabled in the Safety Setup tab, any user with moderation power must have two-factor authentication enabled. This means that both your Cold Account and Hot Account will need 2FA. We highly recommend enabling this setting.

Also, we recommend adding a phone number to the cold account. Discord has been known to suspend new accounts that take over server ownership without phone verification. This means you'll need access to a second phone. Note: most VoIP numbers don't work. If your server's Safety Verification Level is set to Highest, Discord will require a registered phone number for your alternate account and will not let you use a number more than once.

Make sure the new account has some history on Discord before you make it your server owner (send messages, create a server, join other servers). This will prevent Discord from assuming the new account is a bot and locking the account.

Example Role Hierarchy

Below is a theoretical role hierarchy for a Discord server.

  • Cold Admins are at the top. Users with the Cold Admin role are the only users that should have the Administrator permission. The Cold Server Owner account does not need a role because it has the highest level by default.

  • Good Knight bot is next, above the other bots.

  • Other security and moderation bots are 3rd. These bots may require Administrator permissions. ⚠️ If any bot is above Good Knight, there's a risk that a hacker could use the bot to kick Good Knight!

  • Staff and Moderators follow. These are active team accounts that should not have Administrator permissions but may have access to security and moderation features through bot commands.

  • The general server Members follow and should have the minimal permissions needed.

  • Other Bots are last. The bots in this category have specialized use cases like meme-ing, website feeds, games, etc. In most cases, it is best practice not to create a special role for these bots. Instead, add them to the Members role and address their permissions individually.
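The hierarchy above can be checked rather than eyeballed. The script below is an added example and is not Good Knight's code; it audits a list of role objects shaped like the Discord API's Guild Role object (fields id, name, position, permissions as a decimal bitfield string, and managed for bot-owned roles) against the rules on this page: only Cold Admin roles and bot roles may carry the Administrator bit, no bot role may sit above Good Knight, and Cold Admin roles must sit above it. The role names used in ALLOWED_ADMIN_ROLES and SECURITY_BOT_ROLE, and the sample role lists, are constructed for this example.

```python
"""Audit a Discord role hierarchy for Administrator grants and ordering.

Added example, not Good Knight's code. Role objects are assumed to mirror the
Discord API's Guild Role object (id, name, position, permissions, managed).
"""

ADMINISTRATOR = 1 << 3  # Discord's ADMINISTRATOR permission bit (value 8)

# Roles that are allowed to carry Administrator, by name (assumption for this example).
ALLOWED_ADMIN_ROLES = {"Cold Admin"}
# Name of the role the security bot is assigned (assumption for this example).
SECURITY_BOT_ROLE = "Good Knight"


def has_admin(role):
    """True if the role's permission bitfield includes ADMINISTRATOR."""
    return int(role["permissions"]) & ADMINISTRATOR != 0


def audit_roles(roles, allowed_admin=ALLOWED_ADMIN_ROLES, bot_role=SECURITY_BOT_ROLE):
    """Return a list of human-readable findings; an empty list means the hierarchy is clean."""
    findings = []
    # Higher "position" means higher in the role list (more authority).
    by_pos = sorted(roles, key=lambda r: r["position"], reverse=True)
    bot_pos = next((r["position"] for r in roles if r["name"] == bot_role), None)
    if bot_pos is None:
        findings.append(f"security bot role '{bot_role}' not found")
    for r in by_pos:
        # Administrator is only acceptable on Cold Admin roles and on bot-managed roles.
        if has_admin(r) and r["name"] not in allowed_admin and not r["managed"]:
            findings.append(f"role '{r['name']}' has Administrator but is not a Cold Admin role")
        # Any bot above the security bot could be used to remove it.
        if r["managed"] and bot_pos is not None and r["position"] > bot_pos:
            findings.append(f"bot role '{r['name']}' sits above '{bot_role}' and could remove it")
        # Cold Admins must outrank the security bot so they can always manage it.
        if r["name"] in allowed_admin and bot_pos is not None and r["position"] < bot_pos:
            findings.append(f"Cold Admin role '{r['name']}' sits below '{bot_role}'")
    return findings


# Constructed sample in the shape of GET /guilds/{id}/roles output; matches the page's hierarchy.
SAMPLE_ROLES_GOOD = [
    {"id": "1", "name": "Cold Admin", "position": 6, "permissions": "8", "managed": False},
    {"id": "2", "name": "Good Knight", "position": 5, "permissions": "8", "managed": True},
    {"id": "3", "name": "ModBot", "position": 4, "permissions": "8", "managed": True},
    {"id": "4", "name": "Staff", "position": 3, "permissions": "1099511627782", "managed": False},
    {"id": "5", "name": "Members", "position": 2, "permissions": "3072", "managed": False},
    {"id": "6", "name": "MemeBot", "position": 1, "permissions": "2048", "managed": True},
    {"id": "7", "name": "@everyone", "position": 0, "permissions": "1024", "managed": False},
]

# Constructed sample with two violations: a moderation bot above Good Knight, and Staff with Administrator.
SAMPLE_ROLES_BAD = [
    {"id": "1", "name": "Cold Admin", "position": 6, "permissions": "8", "managed": False},
    {"id": "3", "name": "ModBot", "position": 5, "permissions": "8", "managed": True},
    {"id": "2", "name": "Good Knight", "position": 4, "permissions": "8", "managed": True},
    {"id": "4", "name": "Staff", "position": 3, "permissions": "8", "managed": False},
    {"id": "5", "name": "Members", "position": 2, "permissions": "3072", "managed": False},
    {"id": "7", "name": "@everyone", "position": 0, "permissions": "1024", "managed": False},
]


if __name__ == "__main__":
    for label, roles in (("good", SAMPLE_ROLES_GOOD), ("bad", SAMPLE_ROLES_BAD)):
        print(f"{label}: {audit_roles(roles) or 'no findings'}")
```

To run it against a live server, replace the sample lists with the JSON returned by the guild roles endpoint (or by your bot library's role objects) and treat any finding as a ticket to fix before the next incident, not after.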

