Change account token

Comments

24 comments

  • bluewave41

    I'm not sure you understand what a user token is if you're asking for this.

    Your token is a value that's created when you login. This token is passed around from the client to the server instead of your username and password to verify that you are indeed who you say you are while not exposing your password to anyone who may be sniffing traffic.

    Changing your password does reset your account token. It's done this for years.

    3
  • ArviX

    I'm meaning the account token is like a Bot token for Discord API

    We can control an account with just a token

    0
  • bluewave41

    Well as I said

    Changing your password does reset your account token. It's done this for years.

    3
  • frnkyz

    day bamyak Kali nak tukar.atau nak pindah kan token kita ke.wallet..selalu tak dapat

    -5
  • rula

    Discord as confirmed that changing your password does not reset your token.

    -6
  • bluewave41

    "Discord as confirmed that changing your password does not reset your token."

     

    You need to provide a source for false claims like this. You can easily verify that they do indeed reset your token when you change your password because you get logged out of all instances when you change your password.

    The reason for you being logged out is because your token doesn't match anymore.

    6
  • Yume

    Indeed ! As discord confirmed on twitter

    Your token will change when your password is changed.
    3
  • Zayne

    Don't waste time

    TOKEN AUTOMATIC GETS CHANGED AFTER YOU CHANGE YOUR PASS

    0
  • hxr404

    what about adding a button in the user settings "Regenerate Token"

    that only appears if you enable Developer Mode

    would be easier than having to change the password each time

    -2
  • bluewave41

    hxr404

    If someone has access to your account you do not know if it's because they have your token or they have your password and simply logged in. A regenerate token does not solve this and will lead people to believe that they are now safe when in reality they aren't.

    Changing your password is vital if someone has access to your account and a regenerate token button is unsafe.

    2
  • Na_Terminator

    Wait so if someone has your account token. What can they do with it, how do they do what they do with it and how would you be able to somehow reset their access? Resetting your password?

    0
  • hxr404

    Na_Terminator
    they can log into your account and bypass password + email verification and even bypass 2fa.

    bluewave41
    If they have your password than this is useless yeah.(thas the reason I'd hide it under Developer Mode)
    But regenerating your token would log those out who are logged in using your token. and they can't log in again without getting the new token

    1
  • 𝙹𝚊𝚜𝚖𝚒𝚗𝚎♡

    Here is an explanation on how discord user tokens reset and how they work:

    The discord user token is used as authentication in API endpoints, so for example whenever you send a message it's using your token to send the message [example using my function: discordAPI(`${token}`,`/channels/${channelId}/messages`,{content:"Your message"},"POST")]. The only time your email and/or password is even used from what I'm aware of is in the login API endpoint, change password, disable account, and delete account.

    Yes, resetting your discord password will reset your token, I have run this many times with the network tab open to see the xhr requests and it returns a new token each change. You can't change your user token on the click of a button like a bot token in the dev portal. Conclusion is, you can reset your token by changing your password, and that's about all there is to it. There is no other method I have found, but I'd love to test out some new methods if anyone finds any.

    3
  • as.java

    Changing password will reset the user token 
    I have tried

    1
  • HKprogram

    I got a token logger on my account called arsenite.ru

    How did i find out? well under the username of my account there is the tag (#0000) And instead of the tag it said arsenite.ru, So i went to the website and it was a token logger.

     

    When i changed the password it was still saying arsenite.ru So the account must be still getting token logged.

    Idk what to do, i have spent all the night trying to fix this! I would appericate help

    0
  • DerRockWolf

    HKprogram uninstall your whole operation system and reset your password on a different device. Because your PC is infected, Arsenite will send out new passwords and tokens to the attacker.

    Also contact the discord support about this and reset the password of any other accounts if they have the same password.

    0
  • HKprogram

    DerRockWolf I will not reinstall my operaing system, I have important files there and i dont have a backup hdd drive. Is it possible to fix it with safe mode?

    Please tell me

     

    (Btw i am getting a new pc soon. will it be infected aswell if i download and login to discord in that computer?)

    0
  • HKprogram

    DerRockWolf

    0
  • DerRockWolf

    HKprogram sorry for the late response.

    Going into safe mode won't fix this. I don't know how to 100% remove the malware. The safest thing to do is reinstalling your OS. If you don't have a backup drive, try to move the files to single USB flash drive or into cloud storage.

    The new PC won't be infected but you need to act now!

    1
  • HKprogram

    @DerRockWolf i contacted the discord teams some days ago and it acually just was a custom status. However, i am not sure if the hackers are still in my account beacuse i never had that status on. So ill reinstall my OS as quick as possible
    Thanks for the help

    0
  • Gardien

    tu as des dossiers importants, et pas de sauvegarde?! 
    mauvaise idée :(  si ton disque tombe en panne, tu va pleurer.
    Achete un disque, ca coute presque rien, sinon met les sur le cloud 

    0
  • fifa_

    Hey,

    Your discord token will change AUTOMATICS after:

    - Change password
    - Disable 2FA
    - Enable 2FA
    - Restart 2FA

    There are definitely more ways but these 4 are probably the most basic and used. Does anyone else know a quicker way to change their account token?

    TIP: Since the discord is "multiplying" with hecklers, I recommend changing my token at least once a month. Next, if you notice something in your account that's suspicious, change your token.

    2
  • c̶u̶t̶i̶e̶y̶ツ゚

    bluewave41 well actually there is 1 reason why a token regeneration button would be somewhat useful, mass DM clients. If someone were to use a token image grabber or trick someone into sharing it or running a script, instead of logging into the account some will simply just put the token into a mass DM client like Karuma or Hazard, mass DM friends or servers, and just cause general mayhem. So to sum up this reply a year later, i feel like it would be a good idea to implement such a thing.

    0
  • bluewave41

    c̶u̶t̶i̶e̶y̶ツ゚

    First off, the console already has a very large clear warning deterring anyone from running an unknown script. If someone was to run an unknown malicious script they need to change their password which changes their token. There is no telling what this script may have done.

    Now by image token grabber I have to assume you're referring to QR codes. You cannot (bar some crazy zero day exploit) get someone's token by simply sending them an image without any interaction.

    Now you need to ask yourself: is someone who is dumb enough to scan a random QR code and ignore all the very obvious warning messages given to them smart enough to realize they gave their token away?

    The answer is no. The reason mass DM clients work is because people don't realize they've just given their token away. That exact reason is why implementing a button to regenerate your token doesn't make sense. For it to work the user needs to understand what they've just done and the general Discord user will not be technical enough for this.

    0

Please sign in to leave a comment.