How to Ensure You Have a Recovery Key
The recovery key helps you to verify your new devices when you sign in, as well as that you can retain access to your encrypted chat history and digital identity even if you lose access to all of your existing devices.
Visually a recovery key, generated for the user, looks like this: EsTZ 4us6 nh29 89jk U1uH Zbae 4PuS QQC1 86pt em8o R8nb bdwQ. However, in the past it has been possible to also provide your own text phrase instead of the generated sequence (called security phrase). This is still valid to be used as a recovery key, too.
Note that the recovery key is separate from your account password.
The scenarios below will help you to check if you have a working recovery key and if not, explain how to fix it:
- First, if you think you have a recovery key but you’re not sure about it, we’ll help you to confirm it.
- Secondly, if you did not have a working recovery key we’ll help you to check if you have any verified devices.
- Finally, if you did not have any verified devices either, we will help you to reset your cryptographic identity.
All instructions applicable to Element Web are also applicable to Element macOS, Windows & Linux desktop apps.
Scenario #1: You have a recovery key but you are unsure if it is working
One universal way to confirm if the recovery key works, is to sign in to the Element Web app and try to verify the device with the recovery key during the process.
- Go to https://app.element.io - if you're logged in to Element Web already, use a different browser.
- Choose your account provider (aka homeserver) as usual.
- Enter your username and password, or use the single sign-on to log in to your account as usual.
- The app will ask you to verify the device.
- Use your recovery key for the verification - if it works, then the recovery key is correct.
See the example screengrab for the steps above:
Scenario #2: You do not have a recovery key but you have at least one verified device
If you do not have a recovery key, it is either because you never set it up or because you lost the recovery key. If you still have a signed in device that is verified - you can either get a recovery key or generate a new one.
Below, you can find instructions for each of the platforms, how to check if the device is verified and how to get a recovery key or change it.
If you have multiple signed in devices / apps, then we strongly recommend starting with either the Element Web app or the Element X or Element Pro mobile app. Only use the Element Classic mobile app if you have no other verified devices.
Element Web app
The Element Web app prompts to verify the device at login. However, this is not mandatory yet, so your device may or may not be verified.
| Click on profile avatar in the top left corner > select All Settings > select Encryption. |  |
|---|---|
| If you see a Device not verified in there - it means this device is not verified. Find another device that is verified or if you do not have any, see scenario #3 below. |  |
| If you see Get recovery key in the Backup section, it means you have not got one yet. Click on Get recovery key and follow the instructions. |  |
| If you see the Change recovery key in the Backup section, it means you have set it up. Double-check whether you still have the recovery key. If not, click on Change recovery key to change it. |  |
Element X, Element Pro apps (Android or iOS)
The new Element X and Element Pro apps require device verification at login. Thus, if you are in the app, it means this device is already verified.
| Screengrab (Android) | Screengrab (iOS) | |
|---|---|---|
| Tap on profile avatar in the top left corner > tap on Encryption. | ||
| If you see Get recovery key, it means you have not got one yet. Tap on Get recovery key and follow the instructions. |  |
 |
| If you see the Change recovery key in there, it means you have set it up. Double-check whether you still have the recovery key. If not, tap on Change recovery key to change it. |  |
 |
Element Classic app (Android)
The Element Classic app prompts to verify the device at login. However, this is not mandatory, so your device may or may not be verified.
Note: We strongly recommend using Element Web or Element X/Pro mobile apps, only use Classic mobile apps, if it is your only verified device.
| Instructions | Screengrab |
|---|---|
| Tap on profile avatar in the top left corner > tap on Security & Privacy and find the Secure Backup section. | |
| If you see Set up on this device in the Secure Backup section and clicking on it brings up a Verify this device sheet, it means that this device is not verified. Find another device that is verified or if you do not have any, see scenario #3 below. |  |
| If you see Set up Secure Backup in the Secure Backup section and clicking on it brings up a Secure backup sheet, it means you have not set up recovery yet. Tap on Use a Security Key and follow the instructions to set up recovery. |  |
| If you see the Reset Secure Backup in the Secure Backup section, it means you have set up recovery. Double-check whether you still have the recovery key. If not, click on Reset Secure Backup to change it, choose Use a Security Key from the bottom sheet. |  |
Element Classic app (iOS)
The Element Classic app prompts to verify the device at login. However, this is not mandatory, so your device may or may not be verified.
| Instructions | Screengrab |
|---|---|
| Tap on profile avatar in the top left corner > tap on User Settings > tap on Security. | |
| Look up the CROSS-SIGNING section. If you see the text Your account has a cross-signing identity, but it is not yet trusted by this session there, it means that this device is not verified. Find another device that is verified or if you do not have any, see scenario #3 below. |  |
| Look up the SECURE BACKUP section. If you see the Set up button in there, it means you have not set up recovery yet. Tap on Set up and choose Use a Security Key to set up recovery. |  |
| Look up the SECURE BACKUP section. If you see the text This session is backing up your keys, it means you have set up recovery. Double-check whether you still have the recovery key. If not, tap on Reset in the SECURE BACKUP section and choose Use a Security Key. |  |
Scenario #3: You do not have a recovery key and you have no verified devices
If you followed scenario #2 above and found out that you have no verified devices, you need to reset your digital identity on one of your devices. You can then use that device to get your recovery key and verify your other devices.
To reset your digital identity, use the Element Web app or the Element X or Element Pro mobile apps. Do not use Element Classic mobile apps.
Element Web
If you haven’t used the Element Web app before, it is available at https://app.element.io. Also, you can use the same instructions with Element Windows, Linux or macOS desktop apps.
| Instructions | Screengrab |
|---|---|
| Step 1. If you are signed in already you can trigger the verification by clicking the on profile avatar in the top left corner > select All Settings > select Encryption > Verify this device. If you’re not signed in yet, login to your account provider with your credentials or single sign-on as usual. This will trigger the verification of the device. | Already logged in.  Not logged in.  |
| Step 2. If you do not see the button to verify with a recovery key, it means that you never got your recovery key. If you see the button to verify with the recovery key, you should have your recovery key but you have forgotten it. | No recovery key.  The recovery key has been forgotten.  |
| Step 3. Click on Can’t confirm and follow the instructions to reset your digital identity. Note that as part of the reset process you get a new digital identity and can no longer access your message history. |  |
| Step 4. Once the reset is complete, make sure to get your recovery key. This will ensure you can always verify any of your new devices, even when you lose access to all of your existing verified devices. |  |
Element X or Element Pro (iOS or Android) app
Note that the Element X mobile app requires verifying the device at login, thus you can’t be logged in without verifying the device.
| Instructions | Screengrab (Android) | Screengrab (iOS) |
|---|---|---|
| 1. Login to your account provider with your credentials or single sign-on as usual. |  |
 |
| 2. On the Confirm your identity screen, choose Can’t confirm and follow the instructions to complete the reset. |  |
 |
| 3. Once the reset is complete, tap on the Get recovery key button. If you closed the banner accidentally you can always get the recovery key by tapping on your profile avatar > tapping Encryption. |  |
 |