Warn users when setting up key backup that the admin can crack weak passwords

[notramo]

Users not familiar with cryptography doesn't even understand what that password does and why is it important. And if they doesn't understand it, they won't set strong passwords. They will set the easiest to remember (and crack) password. So I suggest similar wording:

Save my conversation encryption keys to the server, protected with the same password (WARNING: If you give a weak password, the server admin can break it, and read all your conversations! If you don't know what makes a password cryptographically secure, then don't use this feature!)

[t3chguy]

The same user will probably also misunderstand the concept of a server, blaming Discord here for naming their guilds servers This is scaremongering if anything

[notramo]

I mostly think about FB Messenger/WhatsApp/Hangouts users, who haven't heard of Discord.

@t3chguy What is better?

• Scaring users and making them not use the feature to be safe. -> scary but safe
• Allowing them to set a weak password and the server admin can crack it. -> friendly but dangerous

[t3chguy]

Riot could just enforce a minimum passphrase quality like it does with password quality

[notramo]

You are talking about "Matrix for healthcare". Think about the above question in this scenario. Would you like if your admin would crack your conversation with your doctor because the doctor used weak passphrase? Or for example used the following passphrase: "lock the keys securely", for which your crappy password quality meter says "Strong password" (Is it strong??? Approx. 2 hour to break with a modern PC and dictionary)

[t3chguy]

Well that wouldn't be my admin, it'd be the Doctor's admin which would be a gigantic legal issue in the first place

[notramo]

Is it impossible that a data breach happens on the hospital's server? No, it's not. You maybe know why strong password is important. But the majority of users don't. The patient can also set weak password and his admin could crack it, and tell his medical condition to his friends. The admin may get jailed. But it doesn't change that the user's friends know his medical condition, and this maybe ruins his relationships (or entire social life).

[besendorf]

Id suggest to use a this slighty different text.

Save my conversation encryption keys to the server, protected with the same password (WARNING: If you choose a weak password, the server admin could break it, and would be able to read all your conversations! You can also save your keys offline on your computer or an external drive. Chose a password with at least n characters and lowercase, uppercase, numbers and symbols. The length is more important than many different symbols, numbers, letters.