User Tools

Site Tools


services:matrix:encryption

Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
services:matrix:encryption [2021/08/10 16:59]
behrmj87 [Setting up encryption for the first time] update to newer dialogs
services:matrix:encryption [2021/11/29 17:24]
behrmj87 typo fix Sessin -> Session
Line 22: Line 22:
 ==== Setting up encryption for the first time ==== ==== Setting up encryption for the first time ====
  
-When you haven't set up a *Recovery Phraseor *Recovery Keyand are about to log out of your only session Element will ask you to set one up. You can also do this manually. Open the *Security & privacymenu in the *Settings*.+When you haven't set up a //Security Phrase// or //Recovery Key// and are about to log out of your only session Element will ask you to set one up. You can also do this manually. Open the //Security & privacy// menu in the //Settings//.
  
-Below the list of active sessions, you will find section *Secure Backup*, that will look like this, if you haven't set it up yet+Below the list of active sessions, you will find section //Secure Backup//, that will look like this, if you haven't set it up yet
  
 {{ :services:matrix:prefskeybackup.png |}} {{ :services:matrix:prefskeybackup.png |}}
Line 32: Line 32:
 {{ :services:matrix:setupsecurebackup.png |}} {{ :services:matrix:setupsecurebackup.png |}}
  
-By default the upper point (*Generate a Security Key*) is selected, but it's better to choose *Generate a Security Phrase*. What's the difference?+By default the upper point (//Generate a Security Key//) is selected, but it's better to choose //Enter a Security Phrase//. What's the difference?
  
-  * A *Security Keyis a long random key, that you probably won't be able to memorise. It's purpose is to be stored somewhere safe, e.g. in a password manager like KeePassXC. +  * A //Security Key// is a long random key, that you probably won't be able to memorise. It's purpose is to be stored somewhere safe, e.g. in a password manager like KeePassXC. 
-  * A *Security Phraseis that: a phrase, something that you will (hopefully) be able to remember, because you choose it, e.g. by a [[https://xkcd.com/936|method like this]].+  * A //Security Phrase// is that: a phrase, something that you will (hopefully) be able to remember, because you choose it, e.g. by a [[https://xkcd.com/936|method like this]].
  
 Also, when you generate a Security Phrase, you will be offered to generate a Security Key as well. So why not get both for the price of one? Also, when you generate a Security Phrase, you will be offered to generate a Security Key as well. So why not get both for the price of one?
Line 51: Line 51:
 {{ :services:matrix:saveyoursecuritykey.png |}} {{ :services:matrix:saveyoursecuritykey.png |}}
  
-And to finish the setup, you need to confirm everything with your *ZEDAT password*+And to finish the setup, you need to confirm everything with your //ZEDAT password//
  
 {{ :services:matrix:settingupkeysconfirmation.png |}} {{ :services:matrix:settingupkeysconfirmation.png |}}
Line 73: Line 73:
 - **Skip**, which skips authentication, but you won't be able to read encrypted messages that were sent to you earlier. - **Skip**, which skips authentication, but you won't be able to read encrypted messages that were sent to you earlier.
  
-=== Verifying a Sessin using a Security Phrase ===+=== Verifying a Session using a Security Phrase ===
  
-This is conceptually the easiest so, we'll discuss it first. Click **Use Security Key or Phrase** and in the screen that opens enter either your *Security Phraseor your *Security Key*.+This is conceptually the easiest so, we'll discuss it first. Click **Use Security Key or Phrase** and in the screen that opens enter either your //Security Phrase// or your //Security Key//.
  
 {{ :services:matrix:securitypassphrase.png |}} {{ :services:matrix:securitypassphrase.png |}}
Line 83: Line 83:
 {{ :services:matrix:sessionverified.png |}} {{ :services:matrix:sessionverified.png |}}
  
-=== Verifying a Sessin using a Security Phrase ===+=== Verifying a Session using a Security Phrase ===
  
-If you are logged into another session, e.g. on your phone, it's easiest to click **Use another login**. There are multiple ways how this is handled, which depends on where the other session is running, e.g. Element on phones will allow you to do this via scanning a QR code. All methods do require, though, that you have the device where the other session is running on *at handotherwise the whole process will block waiting for you to do something on the other device, which is hard to do, if it's far away.+If you are logged into another session, e.g. on your phone, it's easiest to click **Use another login**. There are multiple ways how this is handled, which depends on where the other session is running, e.g. Element on phones will allow you to do this via scanning a QR code. All methods do require, though, that you have the device where the other session is running on //at hand// otherwise the whole process will block waiting for you to do something on the other device, which is hard to do, if it's far away.
  
 One method that is always available is comparing emoji shown on both devices. First you will be asked on the device with an already authenticated session whether the new session is you and whether you want to authenticate it. One method that is always available is comparing emoji shown on both devices. First you will be asked on the device with an already authenticated session whether the new session is you and whether you want to authenticate it.
Line 185: Line 185:
 {{ :services:matrix:verifylogin.png |}} {{ :services:matrix:verifylogin.png |}}
  
-on the verification dialog after login and instead of entering your security phrase or key, which you've lost, click the **Reset all** link on the bottom, next to *Forgotten or lost all recovery methods?*+on the verification dialog after login and instead of entering your security phrase or key, which you've lost, click the **Reset all** link on the bottom, next to //Forgotten or lost all recovery methods?//
  
 You will then be asked to confirm You will then be asked to confirm
Line 192: Line 192:
  
 And clicking **Reset** will sign out of all your old sessions and delete all keys, followed by guiding you through the procedure to generate new ones described above. And clicking **Reset** will sign out of all your old sessions and delete all keys, followed by guiding you through the procedure to generate new ones described above.
 +
 +==== I'm asked to authenticate every time I open my browser. What am I doing wrong? ====
 +
 +You will need to reauthenticate (that means: type in your recovery passphrase or use another session to authenticate your new one) whenever you log out of [[https://meet.physik.fu-berlin.de]] or your browser loses its cached data and cookies. That means, if you are especially privacy conscious and configure your browser to delete cookies and caches on exit, your running session will die as well.
 +
 +[[https://meet.physik.fu-berlin.de]] only sets first party cookies and uses the local browser cache for some of its data. Whereas third party cookies are definitely are a privacy problem (and Firefox' Enhanced Tracking Protection can really help you with that out of the box even without [[https://addons.mozilla.org/en-US/firefox/addon/ublock-origin/|uBlock Origin]], which is something everybody should use), can deleting first party cookies be a tad overzealous, since the server you are contacting sees everything you do with it anyway. Deleting the cookie and cached data interferes with how the client at [[https://meet.physik.fu-berlin.de]] operates. You can resolve this problem by granting an exception to deleting this data in your browser's preferences.
 +
 +On Firefox you can do this on the //Privacy & Security// page of the settings in the section //Cookies and Site Data//. If you have checked //Delete cookies and site data when Firefox is closed//, this is the reason for needing to reauthenticate after every time you close Firefox. Click the //Manage Exceptions// button (//Manage Permissions// on older versions) and enter both [[https://meet.physik.fu-berlin.de]] and [[https://meet.physik.fu-berlin.de|http://meet.physik.fu-berlin.de]] and save your choice.
services/matrix/encryption.txt · Last modified: 2021/11/29 17:24 by behrmj87