Closed colemickens closed 1 week ago
Thanks for the feedback!
Hope this helps!
If people still see "Security Key" (or security-key.txt
) being referenced in any applications, I recommend filing bugs in the relevant application-specific issue trackers.
- The "security phrase" feature (aka choose your own recovery key) will be dropped for the future as user tests have shown that it's being mixed up with your account password and generally causes more confusion than benefit.
Can you clarify what is being dropped? Right now there are two things: an opaque string of characters (which I think is currently called "recovery key") and a user-chosen password to unlock key backup.
Getting rid of the ability to choose your own password for the latter would be a terrible idea. I want to be able to log in on a new device and input my chosen key-backup password to get access to my messages. To do that, I need to be able to choose that password so I can remember it.
- "Recovery key" is the new terminology as we've seen in user tests that it works best among the options we tested.
So it was once named recovery key
, then it got renamed to security key
and now the plan is to rename it back to recovery key
?
- The "security phrase" feature (aka choose your own recovery key) will be dropped for the future as user tests have shown that it's being mixed up with your account password and generally causes more confusion than benefit.
Can you clarify what is being dropped? Right now there are two things: an opaque string of characters (which I think is currently called "recovery key") and a user-chosen password to unlock key backup.
Getting rid of the ability to choose your own password for the latter would be a terrible idea. I want to be able to log in on a new device and input my chosen key-backup password to get access to my messages. To do that, I need to be able to choose that password so I can remember it.
I don't understand the argument either. Just name it the same thing, no matter if it is Element generated or user-defined. For all processes afterwards it only matters that it is the correct one.
So it was once named
recovery key
, then it got renamed tosecurity key
I'm not aware of it ever being renamed in this way, no.
TL;DR: It's a "recovery key". Please file bugs if you see people calling it a "security key".
We have more work on the way to be more consistent with our terminology.
Your use case
What would you like to do?
On the heels of confusion about Key Backup, how mine got corrupted, what it means for "sessions failed to decrypt", etc...
I come across yet another UX thing that feels easy to fix, and could go a long way towards helping users (even ones trying to use Matrix for 5 years) not get confused.
When I (reset) and setup Key Backup today, I was prompted to download a 48-character ... thing... that was saved as "security-key.txt".
When I set Element X Android today, it prompted me for my "Recovery Key".
Is there a document that lays out, plainly, how E2EE is meant to work, and the definitions of:
Can y'all please document them precisely, and then commit to standardized names throughout, at the very least, Element properties?
Why would you like to do it?
How would you like to achieve it?
Have you considered any alternatives?
not any non-sarcastic ones
Additional context
I love Matrix, but it's a challenging love.