
Securing a Matrix Account

Disclaimer: This guide refers to using the Element Matrix clients, Element Web or Element Desktop apps.

Once you have an account, it's important to understand the mechanisms it uses to keep your messages secure. Matrix uses encryption to protect your communication. The keys for this encryption should be kept secure; this is done using Secure Backup.

Secure Backup

After sending your first encrypted message, you'll receive a prompt to Set up Secure Backup, to safeguard against losing access to encrypted messages & data. If you choose not to, any new sessions you start by logging into different clients will not be able to see your messages.

If you do not receive a prompt, or chose to set it up later, you can start the setup by clicking on your avatar in the top left, then selecting Security & Privacy. Under the Encryption / Secure Backup section, select Set up.

Follow the prompt to set up your Secure Backup. You can opt to use a Security Phrase or always use a Security Key. If you opt for a Security Phrase, you choose the phrase yourself and will need to provide it to any client when you log in with your account. Alternatively, if you forget your phrase, or did not provide one, you will need to provide the generated key.

Verified Session

A verified session is a device (any client logged into your account) that has been verified as legitimate. On your account's first login, the session will be marked as verified. Make sure to set up a Secure Backup; you will need it if you ever lose access to all verified sessions.

When you log in to a new session, you will be presented with the option to either provide your Security Key / Phrase, or to request verification from another already verified session. Successfully completing either option will mark your new session as verified.

Forgotten or lost all recovery methods?

If you have forgotten or lost all methods of verifying your account, you will need to Reset your account. Doing so will result in losing access to all your encrypted messages, and mark all sessions as unverified (treating this new session like your first).

Add Email to your account

Adding an email to your account allows you to reset your password should you lose it. Simply follow these steps:

  1. Go to Element All settings

  2. Enter your email address and click Add

  3. When you get this message, check your email

  4. Click the link in the email. Make sure it opens in another tab/window, leaving your Element client where it is

  5. When you get this message, you can close the verification tab/window and return to Element

  6. Go back to Element and click Continue

  7. Enter your account password or confirm using SSO, then click Continue

  8. If all worked correctly, your new email should now show up under the Email addresses section in Element settings. If not, something went wrong and you need to try again.

Securing a Matrix Account on your Homeserver

If you're an EMS customer, you can create your users via the Server Admin tab of the EMS Control Panel.

Alternatively, you can use the Synapse Admin API to create a Matrix Account on a homeserver where you hold an Admin account. To do so, you will need to use Create or Modify Account from the User Admin API.

PUT https://HOMESERVER_URL/_synapse/admin/v2/users/FULL_USERNAME
{
    "threepids": [
        {
            "medium": "email",
            "address": "<user_mail_1>"
        },
        {
            "medium": "email",
            "address": "<user_mail_2>"
        }
    ]
}
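The request above, prepared in Python as an added example (not code from the Element or Synapse documentation). It percent-encodes the full user ID in the path, authenticates with an admin access token as a Bearer header, and merges new emails into the existing list first, because supplying threepids replaces the stored list. The function names, example.org hosts and token placeholder are assumptions.

```python
import json
import urllib.parse
import urllib.request

def user_url(homeserver_url, user_id):
    """URL for the User Admin API; '@' and ':' in the user ID are percent-encoded."""
    if not homeserver_url.startswith("https://"):
        raise ValueError("the admin token must only travel over HTTPS")
    if not (user_id.startswith("@") and ":" in user_id):
        raise ValueError("expected a full user ID such as @alice:example.org")
    path = "/_synapse/admin/v2/users/" + urllib.parse.quote(user_id, safe="")
    return homeserver_url.rstrip("/") + path

def merged_threepids(current, new_emails):
    """Existing third-party IDs plus new emails, de-duplicated.
    A PUT with "threepids" replaces the stored list, so send the full set."""
    merged = [{"medium": t["medium"], "address": t["address"]} for t in current]
    seen = {(t["medium"], t["address"].lower()) for t in merged}
    for email in new_emails:
        email = email.strip().lower()
        local, _, domain = email.partition("@")
        if not local or "." not in domain or "@" in domain:
            raise ValueError(f"not an email address: {email!r}")
        if ("email", email) not in seen:
            seen.add(("email", email))
            merged.append({"medium": "email", "address": email})
    return merged

def build_request(homeserver_url, user_id, admin_token, threepids):
    """Prepare (but do not send) the PUT request, authenticated with a Bearer token."""
    body = json.dumps({"threepids": threepids}).encode("utf-8")
    headers = {"Authorization": "Bearer " + admin_token,
               "Content-Type": "application/json"}
    return urllib.request.Request(user_url(homeserver_url, user_id),
                                  data=body, headers=headers, method="PUT")

if __name__ == "__main__":
    # Constructed sample: the threepids a prior GET on the same URL might return.
    current = [{"medium": "email", "address": "alice@example.org"}]
    wanted = merged_threepids(current, ["Alice@example.org", "alice.backup@example.net"])
    req = build_request("https://matrix.example.org", "@alice:example.org",
                        "ADMIN_TOKEN_PLACEHOLDER", wanted)
    print(req.get_method(), req.full_url)
    print(req.data.decode())
    # To send it: urllib.request.urlopen(req)
```

Keep the admin token out of shell history and scripts checked into version control; read it from a secret store or an environment variable at run time.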