Two-factor authentication means Discord asks for a code from your phone in addition to your password. If someone learns your password through a scam or a data breach elsewhere, they still cannot log in without that second factor.
Open User Settings → My Account → Enable Two-Factor Auth. Use an authenticator app such as Google Authenticator or Authy rather than SMS when possible. Scan the QR code, enter the verification code Discord shows you, and save your backup codes somewhere safe offline. Those codes are your last resort if you lose your phone.
Never share login codes, backup codes, or QR screens with anyone — including people claiming to be Discord staff. Use a unique password you do not reuse on other sites, and review Authorized Apps periodically to revoke access you no longer need.
If you lose both your authenticator and backup codes, recovery can be slow or impossible. Treat 2FA setup as seriously as you would a bank login.