Element messenger should store a backup of the encryption and secure backup keys on the messenger #1104
Labels
Comments
|
They are in the app's data directory. But for privacy & security when you log out we wipe all app data so that you do not leak anything to a future user of the machine (think work computers or libraries) - this is not something we wish to support. I suggest you look at element-hq/element-meta#922 instead |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Your use case
Problem:
When you log onto element, there are 2 ways to access your old data. Entering in your backup keys, or verifying from another device. As most users usually don't manage their backup keys at all, this means there is only 1 way to recover messages, verifying from a signed-in device. This is a problem when users log out on multiple devices at once, making it possible for them to lose all factors of authentication, and losing all their messages.
Proposed change:
I propose that, in addition to prompting the users to store the backup keys as a .txt on their computer, element should store a second backup key on device in the app's data directory, which would mean that even if the user didn't conciously store their backup keys, element could still automatically apply the encryption keys, just by virtue of being previously logged on with this device.
Have you considered any alternatives?
No response
Additional context
No response
The text was updated successfully, but these errors were encountered: