Encrypt User Token / Session ID Validator aswell #6824
-
Dear Discord Team,I'm writing to offer a suggestion for enhancing security measures within the platform, particularly concerning token encryption and authentication protocols. As a user who values privacy and security, I believe it's crucial to prioritize the protection of user data, especially during authentication processes. Currently, the token used for account validation with the server lacks encryption, posing potential risks to user accounts. To address this, I propose implementing robust encryption mechanisms for tokens to prevent unauthorized access and misuse. Additionally, could the API be configured to require validation of another parameter, such as a session ID generated on the client-side browser? This session ID would refresh with each logout, further fortifying security measures and ensuring ultimate protection against unauthorized access. While the other stored SESSION IDs on the server which uses your other devices. remain valid which doesn't cause your other devices to get logged out. As a passionate user of Discord, I believe that enhancing security measures aligns with the company's mission to provide a safe and enjoyable experience for all users. With Discord's significant influence and standing as a valued company, investing in these security enhancements will not only bolster user trust but also solidify Discord's position as a leader in online communication platforms. Thank you for considering this suggestion. I look forward to seeing the continued improvements in Discord's security measures. Sincerely, |
Beta Was this translation helpful? Give feedback.
Replies: 1 comment 4 replies
-
|
tokens are already per-session and they are already encrypted. |
Beta Was this translation helpful? Give feedback.
-
|
How did a user steal my token and yet had a valid token to send messages behave of me. All my dms were flooded with weird Porn Links. |
Beta Was this translation helpful? Give feedback.
-
|
Then on top of that, i was not in any of there servers. Not clicked any links but yet somehow my account was compromised. |
Beta Was this translation helpful? Give feedback.
-
You've done something - because people don't just randomly find tokens out of nowhere, that's not how it works. |
Beta Was this translation helpful? Give feedback.
-
|
dont run untrusted software on your computer 🤡 |
Beta Was this translation helpful? Give feedback.
tokens are already per-session and they are already encrypted.