How to Log Everyone Out of Your Discord Account
If you suspect someone else has access to your Discord account — or you've logged in on a shared device and forgotten to sign out — Discord gives you a way to remotely terminate all active sessions at once. Here's exactly how that works, what it actually does, and what factors determine whether it's the right move for your situation.
Why You Might Need to Log Out All Devices
Discord stays logged in by default. That's convenient when it's your own phone or laptop, but it creates a real problem when:
- You logged into Discord on a friend's computer and forgot to sign out
- You're seeing login activity from locations or devices you don't recognize
- You suspect your credentials have been compromised
- You recently changed your password but aren't sure which devices still have access
Unlike some platforms, Discord doesn't send you a notification when a new device logs into your account. That makes it easy to miss unauthorized access unless you're actively checking.
How Discord Session Management Works
Discord uses session tokens to keep you logged in. When you sign into Discord on any device, that device receives a token that authenticates your access without requiring your password every time. These tokens persist until:
- You manually log out on that device
- You revoke all sessions from your account settings
- Discord invalidates them (for example, after a password reset)
Changing your password alone does not automatically log out other devices in all cases — the behavior can depend on how the account was accessed and the platform version. To be certain all sessions are terminated, you need to use the explicit "Log Out All Known Devices" function.
How to Log Everyone Out of Your Discord Account 🔐
Discord provides this option through your account settings. The steps are essentially the same across desktop and browser:
On Desktop (App or Browser)
- Open Discord and click the gear icon (User Settings) in the bottom-left corner
- Under the My Account section, scroll down to find Password and Authentication
- Look for the option labeled "Log Out All Known Devices"
- Confirm the action when prompted
This will immediately invalidate all active session tokens associated with your account — including the current device you're on, so you'll be logged out too and will need to sign back in.
On Mobile (iOS or Android)
- Tap your profile icon or navigate to the You tab
- Go to Settings
- Select Account
- Locate Log Out All Known Devices and confirm
The effect is the same: every device currently holding a session token for your account will lose access instantly.
What Happens After You Log Out All Devices
Once you trigger this action:
- All sessions are terminated, including your own current session
- Anyone else using your account on another device will be immediately signed out
- You'll need to log back in with your email and password (and complete two-factor authentication if enabled)
- Previously authorized third-party apps connected via OAuth may also be affected, depending on how their access was granted
It's worth noting that this feature targets known sessions — those actively tracked by Discord's systems. If an attacker has already exported data or is using your account via an unofficial client or bot token, logging out sessions addresses the access problem but not any data that may have already been exposed.
Variables That Affect Your Situation
Not every account access problem is identical, and a few factors shape how effective the log-out-all-devices action will be for you:
| Factor | Why It Matters |
|---|---|
| Whether you have 2FA enabled | Without two-factor authentication, someone with your password can log back in immediately after you revoke sessions |
| How credentials were obtained | A phished password vs. a forgotten shared-device login are different threat levels |
| Third-party app access | Some bots or integrations use separate tokens not tied to your login session |
| Whether your email is also compromised | If someone controls your email, they can reset your Discord password after you lock them out |
This is why most security guides recommend treating "log out all devices" as one step in a broader response — not a standalone fix.
Two-Factor Authentication Changes the Equation
Enabling 2FA (via an authenticator app like Google Authenticator or Authy) is the most meaningful follow-up action after revoking all sessions. With 2FA active:
- Even if someone has your password, they can't complete the login without the rotating code from your authenticator app
- Discord also provides backup codes when you set up 2FA, which you should store somewhere secure and offline
Without 2FA, revoking sessions buys you time — but if your password is known to someone else, they can simply log back in.
The Gap Between Knowing the Steps and Knowing What's Right for You 🛡️
The technical process of logging out all devices is straightforward. What's less straightforward is understanding what threat you're actually dealing with — whether it's a forgotten login on a shared device, a compromised password, a suspicious OAuth integration, or something involving your email account.
Each of those scenarios calls for a slightly different response, and how far you need to go depends on your own account history, what devices you've used Discord on, and whether you have 2FA set up already. The steps above will revoke active sessions — but whether that's sufficient, or just a starting point, depends entirely on the specifics of your situation.