Prevent third party applications from logging a user's token



  • Derpus

    Yep. I got hit by this yesterday morning.

    It's honestly appalling how there isn't some kind of automated account recovery/lockout link when an email is changed without your consent. Instead this person has had my actual account in their hands for over 24 hours and I'm stuck messaging my friends warning them to not click any links while I sit and wait for someone to answer a support ticket.

    Discord can do better than this.

  • Unfortunately, Discord's login system and API were designed around this token. It's really up to the user to keep it safe; as long as you keep your antivirus on, it should be very hard for an attacker to get your token. Adding on, simply enable 2FA and do NOT save your passwords in your browser to prevent someone from taking your account. For Discord to redesign (remake) their entire login API would be an extreme hassle for Discord, and I don't think they will be willing to do so since it's up to the user to ensure their account is safe.

  • TheSheepster

    No one has mentioned their antivirus going off for this kind of thing. This should be incorporated into Windows Defender, as most computers have this (and other common antiviruses).


