Idea for power users: Client Password
Right, so hear me out. Malware is as prevalent as ever. And how does most Discord malware work? By simply plucking the locally stored token on your device. And, I mean, it makes sense, how would Discord protect the token more than they already do? That's where my idea comes in:
Client Passwords
What's a Client Password?
A client password is a password you'd have to enter every time you boot up the Discord desktop application. The idea is that it can be used to hash the locally stored token. This is similar to how browsers like Chrome and Firefox protect your locally stored passwords with a “Primary Password.”
If the token is hashed, then it would be laughably useless to the malware developer!
Every time you boot it up? That sounds annoying…
That's why it's optional. By not having it enabled, you'd be unprotected against malware attacks, but I suppose that's the price of convenience.
What if I forget my password?
Then you'll be given the option to log out - which would destroy your current session token - and then log back in. From there, you'd be able to go back into your client settings and add a new password.
Who does this target?
Mainly desktop users. Mobile operating systems already give developers the option to safely store sensitive information that's inaccessible to other apps without jailbreaking; so they're not a priority for this feature.
How would this stop malware developers?
Hashing algorithms are some powerful stuff. It's impossible to reverse a hash, unless you're using some super common password like “abc123.”
Conclusion
Client Passwords are a feature I'd love to see in the future - I wouldn't mind entering a password every time I boot up the client, so long as it means I'm protected against malware attacks, should I ever slip up.
Discord malware is more present than it's ever been - and they're starting to get smart. This feature would put a real roadblock in their nefarious deeds.
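
An added example, not part of the original post and not Discord's code: one way a desktop client could protect a stored token with a client password. Because the client has to get the token back at startup, it uses password-derived encryption (scrypt key, AES-256-GCM) rather than a one-way hash; the function names, record layout and sample token are assumptions made for illustration.

```javascript
// Added example (hypothetical names, not Discord's implementation).
const crypto = require('node:crypto');

// scrypt cost parameters: about 32 MiB of memory per guess, so offline
// password guessing against a stolen file is slow. maxmem is raised to fit.
const SCRYPT = { N: 2 ** 15, r: 8, p: 1, maxmem: 64 * 1024 * 1024 };

function deriveKey(password, salt) {
  // Normalise so the same typed password gives the same key on every platform.
  return crypto.scryptSync(password.normalize('NFKC'), salt, 32, SCRYPT);
}

// Returns the JSON record that would be written to disk instead of the token.
function sealToken(token, password) {
  const salt = crypto.randomBytes(16); // fresh per seal: no precomputed tables
  const iv = crypto.randomBytes(12);   // GCM nonce, never reused with one key
  const cipher = crypto.createCipheriv('aes-256-gcm', deriveKey(password, salt), iv);
  const ct = Buffer.concat([cipher.update(token, 'utf8'), cipher.final()]);
  return JSON.stringify({
    v: 1,
    salt: salt.toString('base64'),
    iv: iv.toString('base64'),
    tag: cipher.getAuthTag().toString('base64'),
    ct: ct.toString('base64'),
  });
}

// Returns the token, or null if the password is wrong or the record was altered.
function openToken(blob, password) {
  const rec = JSON.parse(blob);
  if (rec.v !== 1) throw new Error('unsupported record version');
  const b = (s) => Buffer.from(s, 'base64');
  const key = deriveKey(password, b(rec.salt));
  const decipher = crypto.createDecipheriv('aes-256-gcm', key, b(rec.iv));
  decipher.setAuthTag(b(rec.tag));
  try {
    return Buffer.concat([decipher.update(b(rec.ct)), decipher.final()]).toString('utf8');
  } catch {
    return null; // GCM tag check failed: treat as "log out and sign in again"
  }
}
```

This protects the token only while it sits on disk: once the client is unlocked the token is in process memory, and the strength of the stored record is bounded by the strength of the password.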