Also, I'm not sure what's given you the impression that there has been any push-back on the feature?
(the top story is even funnier, as Discord didn't even reply to it, but comments were closed because there were too many.)
When the board about yubikey was the most active, Discord maybe somehow replied to it by doing the opposite. Instead of increasing their security as users asked, they decided they would fancy lowering it and introduced QR codes, because services are no fun if they don't experience of wave of hacks.
And now, they're not referring to anything from the past, but are cluelessly posting generic talk and external links on a blog post.
Also, as throwaway1777 mentioned, hardware tokens for staff is definitely something that had to be done before the second half of the last decade. It's the standard in any company I work with nowadays.
So, IMO, OP's blog post doesn't show how Discord is being innovative, it's just a statement of "sorry, we're catching up on security" and "was this a topic before ?"
Thanks for the reply, anyway.
As for the QR code login, I built that feature. Although it does offer a venue for social engineering, we've done a lot since launch to ensure people understand that they're logging into a new device using it. From day 1, it's always included red text that said roughly "you're logging into a new device using this" and to "not scan codes that random people have sent you." Of course, some people don't really read. That being said, millions of users every week use the QR code login legitimately, and it's a feature that most other chat platforms offer. It's also very very beneficial when you're using a shared device (i.e. you live in South Korea and visit PC bangs often.)
As well, you'd be surprised, webauthn adoption within companies is not nearly as ubiquitous as you'd think. Shipping out yubikeys around the world during a pandemic was a gargantuan task. Either way, any post advocating for more broad adoption of webauthn and also showing success does the industry as a whole good.
It's ironic, as users have been requesting that feature for years, and discord has been pushing back the whole time.
https://support.discord.com/hc/en-us/community/posts/3600313...
Instead, they did the infamous qr code, the new font, the new id that's often similar to the old one but without the #, and the like.
The overly popular support page isn't even cited or mentioned in the article !
I can't understand the disconnect between the teams at discord and the users.
For me, the teams are doing this blog post like they had the idea first because they're the best (when they have actually pushed back for so long).
And not even acknowledging users is just disrespectful. It shows that Discord only involves them in the payment process, and ignore their suggestions whether they're good or bad (because they come from the users).
At the same time, for any change, they post they're visionaries. And I'm sure their CVs go on about how they disrupted their workplace. (while they really did push back on this feature)