Discourse user guide: How to setup two factor authentication (2FA)?

Here’s a guide with some videos to help users activate 2FA on the Discourse forum software.

What is 2FA? #

When you log into your PC or a web site you’re authenticating yourself.

In other words, you’re using something you know to prove your identify is authentic. Alternatively, you can use something you have like a physical key or a smartphone that gives single-use codes. If you combine these two approaches (factors) when authenticating, it’s called two-factor authentication (2FA), or multi-factor authentication (MFA).

2FA is great because someone might steal your smartphone which provides one-time codes, but they won’t be able to login without also knowing your password. Reversely, someone might steal all your passwords, but they’d be useless without also stealing your smartphone. 2FA doesn’t make you unhackable, but it makes you much more protected.

For Discourse admins #

2FA is built-in in Discourse, and anyone can use it. Furthermore, admin users can make 2FA required for everyone by going into Discourse’s admin settings and changing the setting named “enforce second factor”.

For Discourse users #

Here’s a couple of videos showing how to activate 2FA on Android and iOS.

Android guide for setting up 2FA

iPhone guide for setting up 2FA

Notes #

  • The 2FA app shown on the Android video is called 2FAS and is available for both Android and iOS.
  • For the iPhone video I was using an older iPhone, with iOS version 15.8.2. So, the 2FA functionality might be slightly different for newer iPhones. If you find it hard to use, you can consider using the 2FAS app which I showed in the Android video guide.
  • If 2FA login isn’t enforced on your Discourse server, you can still activate it by going into your user settings.

Licensing #

This article including videos, is released under the Creative Commons license CC-BY. Let me know if you use it for something useful. 😉