Change account token
It will be cool to have an option to change our account token
With a button or just with changing password
-
I'm not sure you understand what a user token is if you're asking for this.
Your token is a value that's created when you login. This token is passed around from the client to the server instead of your username and password to verify that you are indeed who you say you are while not exposing your password to anyone who may be sniffing traffic.
Changing your password does reset your account token. It's done this for years.
3 -
I'm meaning the account token is like a Bot token for Discord API
We can control an account with just a token
1 -
Well as I said
Changing your password does reset your account token. It's done this for years.
3 -
day bamyak Kali nak tukar.atau nak pindah kan token kita ke.wallet..selalu tak dapat
-5 -
Discord as confirmed that changing your password does not reset your token.
-6 -
"Discord as confirmed that changing your password does not reset your token."
You need to provide a source for false claims like this. You can easily verify that they do indeed reset your token when you change your password because you get logged out of all instances when you change your password.
The reason for you being logged out is because your token doesn't match anymore.
6 -
Indeed ! As discord confirmed on twitter :
Your token will change when your password is changed.
4 -
Don't waste time
TOKEN AUTOMATIC GETS CHANGED AFTER YOU CHANGE YOUR PASS
0 -
what about adding a button in the user settings "Regenerate Token"
that only appears if you enable Developer Mode
would be easier than having to change the password each time
-3 -
hxr404
If someone has access to your account you do not know if it's because they have your token or they have your password and simply logged in. A regenerate token does not solve this and will lead people to believe that they are now safe when in reality they aren't.
Changing your password is vital if someone has access to your account and a regenerate token button is unsafe.
3 -
Wait so if someone has your account token. What can they do with it, how do they do what they do with it and how would you be able to somehow reset their access? Resetting your password?
0 -
Na_Terminator
they can log into your account and bypass password + email verification and even bypass 2fa.
bluewave41
If they have your password than this is useless yeah.(thas the reason I'd hide it under Developer Mode)
But regenerating your token would log those out who are logged in using your token. and they can't log in again without getting the new token1 -
Here is an explanation on how discord user tokens reset and how they work:
The discord user token is used as authentication in API endpoints, so for example whenever you send a message it's using your token to send the message [example using my function: discordAPI(`${token}`,`/channels/${channelId}/messages`,{content:"Your message"},"POST")]. The only time your email and/or password is even used from what I'm aware of is in the login API endpoint, change password, disable account, and delete account.
Yes, resetting your discord password will reset your token, I have run this many times with the network tab open to see the xhr requests and it returns a new token each change. You can't change your user token on the click of a button like a bot token in the dev portal. Conclusion is, you can reset your token by changing your password, and that's about all there is to it. There is no other method I have found, but I'd love to test out some new methods if anyone finds any.3 -
Changing password will reset the user token
I have tried1 -
I got a token logger on my account called arsenite.ru
How did i find out? well under the username of my account there is the tag (#0000) And instead of the tag it said arsenite.ru, So i went to the website and it was a token logger.
When i changed the password it was still saying arsenite.ru So the account must be still getting token logged.
Idk what to do, i have spent all the night trying to fix this! I would appericate help
0 -
HKprogram uninstall your whole operation system and reset your password on a different device. Because your PC is infected, Arsenite will send out new passwords and tokens to the attacker.
Also contact the discord support about this and reset the password of any other accounts if they have the same password.
0 -
DerRockWolf I will not reinstall my operaing system, I have important files there and i dont have a backup hdd drive. Is it possible to fix it with safe mode?
Please tell me
(Btw i am getting a new pc soon. will it be infected aswell if i download and login to discord in that computer?)
0 -
DerRockWolf
0 -
HKprogram sorry for the late response.
Going into safe mode won't fix this. I don't know how to 100% remove the malware. The safest thing to do is reinstalling your OS. If you don't have a backup drive, try to move the files to single USB flash drive or into cloud storage.
The new PC won't be infected but you need to act now!
1 -
@DerRockWolf i contacted the discord teams some days ago and it acually just was a custom status. However, i am not sure if the hackers are still in my account beacuse i never had that status on. So ill reinstall my OS as quick as possible
Thanks for the help0 -
tu as des dossiers importants, et pas de sauvegarde?!
mauvaise idée :( si ton disque tombe en panne, tu va pleurer.
Achete un disque, ca coute presque rien, sinon met les sur le cloud0 -
Hey,
Your discord token will change AUTOMATICS after:
- Change password
- Disable 2FA
- Enable 2FA
- Restart 2FAThere are definitely more ways but these 4 are probably the most basic and used. Does anyone else know a quicker way to change their account token?
TIP: Since the discord is "multiplying" with hecklers, I recommend changing my token at least once a month. Next, if you notice something in your account that's suspicious, change your token.
3 -
bluewave41 well actually there is 1 reason why a token regeneration button would be somewhat useful, mass DM clients. If someone were to use a token image grabber or trick someone into sharing it or running a script, instead of logging into the account some will simply just put the token into a mass DM client like Karuma or Hazard, mass DM friends or servers, and just cause general mayhem. So to sum up this reply a year later, i feel like it would be a good idea to implement such a thing.
0 -
First off, the console already has a very large clear warning deterring anyone from running an unknown script. If someone was to run an unknown malicious script they need to change their password which changes their token. There is no telling what this script may have done.
Now by image token grabber I have to assume you're referring to QR codes. You cannot (bar some crazy zero day exploit) get someone's token by simply sending them an image without any interaction.
Now you need to ask yourself: is someone who is dumb enough to scan a random QR code and ignore all the very obvious warning messages given to them smart enough to realize they gave their token away?
The answer is no. The reason mass DM clients work is because people don't realize they've just given their token away. That exact reason is why implementing a button to regenerate your token doesn't make sense. For it to work the user needs to understand what they've just done and the general Discord user will not be technical enough for this.
0 -
How do I get my login token?
0 -
You don't. If you require your token for something then what you're doing breaks the TOS and is not allowed.
0 -
Hey bro i once wanted to check fuzzy catcher bot which is available in replit. i use mobile so to find your discord token in mobile i used a link given by a youtuber. After starting the bot now a stranger has easy access to my alt account in which I've coded the bot. I tried to change my account twice but he still gets my token from somewhere and access all my new accounts. I tried to change my password too,now i think it's because of the token that he still has access. My doubt is whether it is the youtuber who gave a file named ", discord token finder," which helps you to find token,he misuses it and gets access to all my new account token. Can someone tell me what should i do......? Or is it because the replit site is unsafe?!
0 -
If anyone answers... Then plz ping me too
0 -
Vizier. Hey!
Replit is a safe website. It's most likely the code on the replit. NEVER trust any code asking for your user token that you don't understand.What must be happening here is that you keep putting your user token in the replit to run the code, and every time you run the code, it's sending your token to the attacker. Therefore, they constantly have access to your account. The simple fix is to stop running the code. If you ran the code locally on your computer then it could of downloaded scripts that remain on your computer that refresh every time your token changes. I'm not great at malware or mischievous software, but to remove it, probably reinstall your OS like mentioned by bluewave41. Another problem could be the code you might have pasted into console that gives you your token. That was pretty stupid if you did not understand the code. What this could of done is sent your token to the attacker or setup to intercept your network requests from discord (ie. messages, and tokens!)
If this was your alt account and you are concerned about it, I suggest you just delete it.
Sending me the link of the replit or the video you used for the code would help solving this issue!
Reply to this comment or message me on discord @ cyberdev#00011
Please sign in to leave a comment.
Comments
29 comments