Session verification at login is overwhelming to some users

[jryans]

At the moment, we always show "verify this session" prompts during the login flow when adding any session after the first one, even if you do not have encrypted rooms yet. I believe the Product thinking at the time was that this would be good to recommend for all sessions when you login so they are already cross-signed and ready to go once you eventually do join an encrypted room.

Some people have no intention of using encryption though, and for those users, this verification ceremony is unwieldy and overwhelming.

[kittykat]

Also, the verification process doesn't make sense when there is only one session which the user is able to access (e.g. all previous sessions were in private browsing windows).

[florian-bellencontre]

Hello, I am writing in this issue because I am trying to disable E2EE by default but allow users to use it.

I managed to do all the necessary configuration thanks to the well-known but it is the only feature I miss to avoid confusion with my users.

I would like to add that when we connect for the first time we have the first page to check the session that is displayed and it is difficult to see how to "skip" this operation. Just click on the "X" at the top but it doesn't seem intuitive for everyone.

The second thing I would like to add is that you have to click a total of 3 times to skip the session check:

1. After the connection "Verify this device".
2. After clicking on the "X" > "I'll verify later"
3. The pop-up in the upper left corner after logging in "Verify this session".

This really forces the user to verify it when in my case we don't want to. We would really like the user to go into his settings.

[richvdh]

I think we're committed to this (indeed we're planning to enforce it, cf element-hq/matrix-react-sdk#29).