How to Ensure You Have a Recovery Key
The recovery key helps you to verify your new devices when you log in, as well as that you can retain access to your encrypted message history even if you lose access to all of your existing devices.
Visually a recovery key, generated for the user when they set up recovery, looks like this: EsTZ 4us6 nh29 89jk U1uH Zbae 4PuS QQC1 86pt em8o R8nb bdwQ. However, in the past it has been possible to also provide your own text phrase instead of the generated sequence (called security phrase). This is still valid to be used as a recovery key, too.
Note that the recovery key is separate from your account password.
The scenarios below will help you to check if you have a working recovery key and if not, explain how to fix it:
- First, if you think you have a recovery key but you’re not sure about it, we’ll help you to confirm it.
- Secondly, if you did not have a working recovery key we’ll help you to check if you have any verified devices.
- Finally, if you did not have any verified devices either, we will help you to reset your cryptographic identity.
All instructions applicable to Element Web are also applicable to Element macOS, Windows & Linux desktop apps.
Scenario #1: You have a recovery key but you are unsure if it is working
One universal way to confirm if the recovery key works, is to sign in to the Element Web app and try to verify the device with the recovery key during the process.
- Go to https://app.element.io - if you're logged in to Element Web already, use a different browser.
- Choose your account provider (aka homeserver) as usual.
- Enter your username and password, or use the single sign-on to log in to your account as usual.
- The app will ask you to verify the device.
- Use your recovery key for the verification - if it works, then the recovery key is correct.
See the example screengrab for the steps above:
Scenario #2: You do not have a recovery key but you have at least one verified device
If you do not have a recovery key, it is either because you never set up recovery or because you lost the recovery key. If you still have a signed in device that is verified - you can either set up recovery or you can generate a new recovery key.
Below, you can find instructions for each of the platforms, how to check if the device is verified and how to set up recovery or generate a new recovery key.
If you have multiple signed in devices / apps, then we strongly recommend starting with either the Element Web app or the Element X or Element Pro mobile app. Only use the Element Classic mobile app if you have no other verified devices.
Element Web app
The Element Web app prompts to verify the device at login. However, this is not mandatory yet, so your device may or may not be verified.
| Click on profile avatar in the top left corner > select All Settings > select Encryption. |  |
|---|---|
| If you see a Device not verified in there - it means this device is not verified. Find another device that is verified or if you do not have any, see scenario #3 below. |  |
| If you see Set up recovery in the Recovery section, it means you have not set up recovery yet. Click on Set up recovery and follow the instructions to set up recovery. |  |
| If you see the Change recovery key in the Recovery section, it means you have set up recovery. Double-check whether you still have the recovery key. If not, click on Change recovery key to change it. |  |
Element X, Element Pro apps (Android or iOS)
The new Element X and Element Pro apps require device verification at login. Thus, if you are in the app, it means this device is already verified.
| Screengrab (Android) | Screengrab (iOS) | |
|---|---|---|
| Tap on profile avatar in the top left corner > tap on Encryption. | ||
| If you see Set up recovery, it means you have not set up recovery yet. Tap on Set up recovery and follow the instructions to set up recovery. |  |
 |
| If you see the Change recovery key in there, it means you have set up recovery. Double-check whether you still have the recovery key. If not, tap on Change recovery key to change it. |  |
 |
Element Classic app (Android)
The Element Classic app prompts to verify the device at login. However, this is not mandatory, so your device may or may not be verified.
| Instructions | Screengrab |
|---|---|
| Tap on profile avatar in the top left corner > tap on Security & Privacy and find the Secure Backup section. | |
| If you see Set up on this device in the Secure Backup section and clicking on it brings up a Verify this device sheet, it means that this device is not verified. Find another device that is verified or if you do not have any, see scenario #3 below. |  |
| If you see Set up Secure Backup in the Secure Backup section and clicking on it brings up a Secure backup sheet, it means you have not set up recovery yet. Tap on Use a Security Key and follow the instructions to set up recovery. |  |
| If you see the Reset Secure Backup in the Secure Backup section, it means you have set up recovery. Double-check whether you still have the recovery key. If not, click on Reset Secure Backup to change it, choose Use a Security Key from the bottom sheet. |  |
Element Classic app (iOS)
The Element Classic app prompts to verify the device at login. However, this is not mandatory, so your device may or may not be verified.
| Instructions | Screengrab |
|---|---|
| Tap on profile avatar in the top left corner > tap on User Settings > tap on Security. | |
| Look up the CROSS-SIGNING section. If you see the text Your account has a cross-signing identity, but it is not yet trusted by this session there, it means that this device is not verified. Find another device that is verified or if you do not have any, see scenario #3 below. |  |
| Look up the SECURE BACKUP section. If you see the Set up button in there, it means you have not set up recovery yet. Tap on Set up and choose Use a Security Key to set up recovery. |  |
| Look up the SECURE BACKUP section. If you see the text This session is backing up your keys, it means you have set up recovery. Double-check whether you still have the recovery key. If not, tap on Reset in the SECURE BACKUP section and choose Use a Security Key. |  |
Scenario #3: You do not have a recovery key and you have no verified devices
If you followed scenario #2 above and found out that you have no verified devices, you need to reset your cryptographic identity on one of your devices. You can then use that device to set up recovery and verify your other devices.
To reset your cryptographic identity, please use the Element Web app or the Element X or Element Pro mobile apps. You can continue using any platform or app after you have reset the identity and setup of recovery.
Element Web
If you haven’t used the Element Web app before, it is available at https://app.element.io. Also, you can use the same instructions with Element Windows, Linux or macOS desktop apps.
| Instructions | Screengrab |
|---|---|
| Step 1. If you are logged in already you can trigger the verification by clicking the on profile avatar in the top left corner > select All Settings > select Encryption > Verify this device. If you’re not logged in yet, login to your account provider with your credentials or single sign-on as usual. This will trigger the verification of the device. | Already logged in.  Not logged in. |
| Step 2. If you do not see the button to verify with a recovery key, it means that you never set up recovery. If you see the button to verify with the recovery key, the recovery has been set up but you have forgotten the recovery key. | No recovery has been set up.  The recovery key was set up but the recovery key has been forgotten.  |
| Step 3. Click on Can’t confirm and follow the instructions to reset your identity. Note that as part of the reset process you get a new cryptographic identity and can no longer access your message history. |  |
| Step 4. Once the reset is complete, set up recovery. This will ensure you can always verify any of your new devices, even when you lose access to all of your existing verified devices. |  |
Element X or Element Pro (iOS or Android) app
Note that the Element X mobile app requires verifying the device at login, thus you can’t be logged in without verifying the device.
| Instructions | Screengrab (Android) | Screengrab (iOS) |
|---|---|---|
| 1. Login to your account provider with your credentials or single sign-on as usual. |  |
 |
| 2. On the Confirm your identity screen, choose Can’t confirm and follow the instructions to complete the reset. |  |
 |
| 3. Once the reset is complete, tap on the Set up recovery button to set up recovery. If you dismissed the banner accidentally you can always initiate the recovery setup by tapping on your profile avatar > tapping Encryption. |  |