Act now: Continue sending and receiving encrypted messages
In April 2026, we will release an important update to strengthen the security of your conversations: Unverified devices will no longer be able to send and receive end-to-end encrypted messages through Elementor. This transformation matrix follows specification update It was announced at the Matrix 2025 conference on October 17 and benefits everyone by increasing security, but may require action from you to continue sending and receiving encrypted messages on your existing devices.
This security update will assure you that when you receive a message from a contact, you can easily assume that it is indeed from them.
This is a big step forward in making Element an even more secure and reliable messaging experience. When we say we want to provide the most secure communications technology in the world, we mean it.
So here’s what’s changing and why it matters to you.
Unverified devices are a potential attack vector
Imagine you’re messaging a coworker and suddenly a warning shield icon appears on your screen. Is it just a harmless unverified tool and you can safely ignore the warning, or has someone’s account been compromised? At best it’s a distraction and, at worst, it’s someone malicious trying to impersonate one of your contacts – neither of which is ideal. What’s worse, ignoring these warnings increases unlimited risks to your entire network.
With Element, trust is key – a non-negotiable. For example, we provide all of our users with end-to-end encryption by default to ensure that you and the person you are sending messages to – and only the person you are sending messages to – can read the messages. This upcoming change aims to eliminate uncertainty and the possibility of malicious activity by requiring all devices to be verified.
Device verification matters
Device verification works like a handshake between your devices, cryptographically proving to your contacts that they’re yours. Without this verification step, messages sent from your new devices should be marked as untrusted in your conversations. By making verification mandatory, users can be confident in every message sent and received through Elementor and not be distracted by warnings about insecure devices.
Trust by design and default
Going forward devices will either be verified or unable to participate in the conversation – it’s that simple. There are no longer any warnings or shield icons that can be easily ignored, these ultimately weaken the impact of important warnings/notifications (users become desensitized).
By verifying your devices, you are not only protecting your own communications, but you are creating a more trusted environment for everyone.
We’re designing a system that prioritizes the security of your communications and making verification an integral part of the process is a great example of this.
Actions required by end users
If you’re already in the habit of verifying your devices and have your recovery key set so you don’t need to do anything to prepare, then you’re good to go.
For everyone else, now is the time to take action:
- Check if your existing devices – mobile, web or desktop – are verified.
- Set up recovery if you haven’t already done so.
Note: Although installing recovery is not strictly mandatory, it is highly recommended, as it simplifies verification of new devices, and enables you to do so even if all your existing devices are lost.
For details on how to do this on different platforms, please read more in the user documentation.
What happens if you don’t verify…?
From April 2026:
- Unverified devices will no longer be able to send messages.
- The contents of messages received from unverified devices will not be shown (you can still see that there was a message).
In short, unverified devices will become effectively unusable in end-to-end encrypted (E2EE) conversations. You will still be able to participate in conversations where E2EE has been disabled, but you will be locked out in all other circumstances.
building trust together
As stated above, trust is fundamental to secure communications. By requiring verified devices, we are raising the bar on what users can expect from your secure communications. It’s a small change that makes a big difference. We need to work closely with our users to ensure success. We’re working to make sure every message you send and receive is as reliable as a face-to-face conversation.
We’re here to make the transition as seamless as possible. If you have any questions or need assistance, our support team is ready to assist. Let’s work together to make digital communications as safe as possible for everyone.