验证您的 Matrix 设备正在成为强制性要求。

验证您的 Matrix 设备正在成为强制性要求。
Verifying your Matrix devices is becoming mandatory

原始链接: https://element.io/blog/verifying-your-devices-is-becoming-mandatory-2/

## Element 安全更新：设备验证要求 Element 将于 2026 年 4 月加强安全措施，要求所有设备进行**验证**，以实现端到端加密 (E2EE) 消息传递。目前，未经验证的设备存在安全风险，可能允许恶意行为者冒充联系人。此更新基于 Matrix 规范，旨在消除这种不确定性，并建立更值得信赖的消息传递体验。 **这对您的影响：** * **已验证的设备** 会以密码学方式向您的联系人确认您的身份。 * **未经验证的设备** 将无法*发送*消息，并且收到的消息内容将显示为隐藏，从而使其无法用于 E2EE 对话。 * **需要采取行动：** 检查您的设备是否已验证，并设置恢复密钥（强烈建议，以便更轻松地重新验证）。此更改优先考虑安全设计，消除了关于未经验证设备的干扰性警告，并确保每条消息都能被自信地信任。Element 的目标是提供最安全的通信技术，此更新是实现这一目标的重要一步。用户文档中提供了资源，以指导您完成验证过程。

## Element 客户端现已强制设备验证 Element，一个流行的 Matrix 协议客户端，正在实施强制设备验证。此次更新源于 Matrix 协议的变更，引发了用户对验证机制的疑问。目前，具体细节尚不明确。用户对此流程表示担忧，希望避免类似谷歌 Play Integrity API 这种需要用户身份识别的侵入性方法。虽然可以切换到其他 Matrix 客户端，但 Element 的广泛使用使其对许多用户来说是一项重大改变。讨论凸显了 Element 在此次新验证要求实施细节方面缺乏清晰的说明，导致用户寻求更多信息。

原文

Act now: continue sending & receiving encrypted messages

In April 2026, we will be rolling out a significant update to strengthen the security of your conversations: unverified devices will no longer be able to send and receive end-to-end encrypted messages via Element. This change follows the Matrix specification update that was announced at the Matrix 2025 conference on October, 17 and benefits everyone by enhancing security, but may require an action from you to continue sending & receiving encrypted messages on your existing devices.

This security update will give you assurance that when you receive a message from a contact, you can effortlessly assume it’s really from them.

It’s a big step towards making Element an even more safe and reliable messaging experience. We mean it when we say that we want to provide the most secure communication technology in the world.

So here’s what’s changing and why it matters to you.

Unverified devices are a potential attack vector

Imagine you’re messaging a colleague and suddenly a warning shield icon appears on your screen. Is this just a harmless unverified device and you can safely ignore the warning, or has someone’s account been compromised? At best this is a distraction and, at worst, it is someone malicious trying to impersonate one of your contacts - neither is ideal. What’s worse is that ignoring these warnings leaves unmitigated risks to proliferate throughout your network.

With Element, trust is critical - a non-negotiable. For example, we provide end-to-end encryption by default to all of our users to ensure that you and the person you're messaging - and only the person you're messaging - can read the messages. This forthcoming change aims to eliminate uncertainty and the likelihood of malicious activity by requiring all devices to be verified.

Device verification matters

Device verification acts like a hand shake between your devices, proving cryptographically to your contacts that they belong to you. Without this verification step, messages sent from your new devices must be marked as untrusted in your conversations. By making verification mandatory, users can be confident in every message sent and received via Element and are not distracted by warnings about insecure devices.

Trust by design and default

Going forward devices will be either verified or unable to participate in conversations - it’s that simple. No more warning or shield icons that can be easily ignored, these ultimately undermine the impact of important warnings/notifications (users become desensitised).

By verifying your devices, you’re not just protecting your own communications, you’re creating a more trusted environment for everyone.

We’re designing a system that prioritises the security of your communications and making verification an integral part of the process is a great example of that.

Action required by end users

If you’re already in the habit of verifying your devices and have your recovery key set up there’s nothing you need to do to prepare, you’re good to go.

For everyone else, now is the time to take action:

Check if your existing devices - mobile, web or desktop - are verified.
Set up recovery if you haven’t done that already.

Note: although setting up recovery is strictly not mandatory, it is highly recommended, as it simplifies the verification of new devices, and enables you to do that even when you lose all of your current devices.

For the details of how to do this on various platforms, please read more in the user documentation.

What if you don’t verify…?

From April 2026:

Unverified devices will no longer be able to send messages.
Content of the messages received from unverified devices will not be shown (you can still see that there was a message).

In short, unverified devices will effectively become unusable in end-to-end encrypted (E2EE) conversations. You’ll still be able to participate in conversations where E2EE has been deactivated, but in all other circumstances you will be excluded.

Building trust together

As stated above, trust is fundamental to secure communication. By requiring verified devices, we are raising the bar for what users can expect from your secure communication. This is a small change that makes a big difference. We have to work together with our users to ensure success. We’re doing this work to ensure every message you send and receive is as trustworthy as a face-to-face conversation.

We’re here to make the transition as smooth as possible. If you have questions or need help, our support team is ready to assist. Together, let’s make digital communication as secure as possible for everyone.