Big issue to which i think i have an answer to
Im talking about the token logging and the user token thing as a whole.
Why do we even need these tokens when people can abuse malicious software and then gain access to our discord coversations, msgs, and whole account. user tokens should be deleted or replaced with something more secure or just better.
Or it would be just easier to store tokens somewhere more hidden or encrypting it really just any way where token loggers would not work.
If you have any better ideas let me know in the comments.
-
If people wasen't logging tokens they would be logging your passwords & emails.
The token system is created as a login / authentication system. Without Tokens (for users or bots) The only way to login would be via username and password.
Your idea isn't completely ridiculous, but it is still kinda dumb.1 -
I dont know ANYONE who uses tokens to login. Noone should be able to login using tokens as its just dum, username and password is how people have logged in using for centuries its too late to change now from 2 strings to 1 string of text.
1 -
yes most services do use these tokens.
But most services refreshes the tokens everytime you launch, even minececraft refreshes the token when you launch, everytime.
1 -
Actually most services use tokens or similar things. Minecraft uses their own accessToken thing.
The idea of using tokens has been around of years probably. Or longer. As its one of the best ways for authentication. Logging in using email and password retrieves your token for you to be able to use the service in the first place.0 -
You're both right, but I'm going to agree on Dark's last message, the tokens should refresh every time if they don't. I don't use my token so I don't know if they do or not.
0 -
PickleArmy, tokens refresh everytime you change your password.
If Discord were to do anything about token logging they would have to change everything on how the gateway (user accounts) use work.0 -
Everyone knows it refreshes everytime you change your password, but i wont change my password every time i launch discord, Discord should refresh everytime you launch it to prevent token logging.
0
Please sign in to leave a comment.
Comments
7 comments