Act now: continue sending & receiving encrypted messages
In April 2026, we will be rolling out a significant update to strengthen the security of your conversations: unverified devices will no longer be able to send and receive end-to-end encrypted messages via Element. This change follows the Matrix specification update that was announced at the Matrix 2025 conference on October, 17 and benefits everyone by enhancing security, but may require an action from you to continue sending & receiving encrypted messages on your existing devices.
This security update will give you assurance that when you receive a message from a contact, you can effortlessly assume it’s really from them.
It’s a big step towards making Element an even more safe and reliable messaging experience. We mean it when we say that we want to provide the most secure communication technology in the world.
So here’s what’s changing and why it matters to you.
Unverified devices are a potential attack vector
Imagine you’re messaging a colleague and suddenly a warning shield icon appears on your screen. Is this just a harmless unverified device and you can safely ignore the warning, or has someone’s account been compromised? At best this is a distraction and, at worst, it is someone malicious trying to impersonate one of your contacts - neither is ideal. What’s worse is that ignoring these warnings leaves unmitigated risks to proliferate throughout your network.
With Element, trust is critical - a non-negotiable. For example, we provide end-to-end encryption by default to all of our users to ensure that you and the person you're messaging - and only the person you're messaging - can read the messages. This forthcoming change aims to eliminate uncertainty and the likelihood of malicious activity by requiring all devices to be verified.
Device verification matters
Device verification acts like a hand shake between your devices, proving cryptographically to your contacts that they belong to you. Without this verification step, messages sent from your new devices must be marked as untrusted in your conversations. By making verification mandatory, users can be confident in every message sent and received via Element and are not distracted by warnings about insecure devices.
... continue reading