Key verification adds an additional layer of security & protection, enabling you to verify the identity of your trusted contacts.
It's completely optional, but does help you make sure you're speaking to the person you think you are.
You can verify the identity of any user in your contacts list by clicking their avatar which brings up the user’s information, and then clicking the “Security Verification” from their profile screen.
You share a unique security verification code with all other Wickr users. From here, you have several ways to verify the end-to-end encryption of your communication with another user by comparing the security code with each other. The other user should follow the same steps as you did to find your shared verification code (They navigate to your profile page, then Security Verification).
If you and your contact are physically near each other, you have two options:
- Use “Tap to Scan” the QR code of their device to verify them automatically. They should also scan the QR code on your screen.
- You can also just verbally compare the security code listed. If they match, click/tap the verify button.
If you and your contact are not physically near each other, you still have the following options to verify them:
- On mobile, tap the “Share” icon to send them your security code via an alternate trusted method of communication (i.e. you can share via SMS if you know their phone number). Have them share their code with you. If you both have the same code, go ahead and tap “Verify” and you’re good to go.
- On desktop you can click “Copy Code” to copy the security code to your clipboard, then you can share it with your contact via the method of your choosing (email, for instance).
- Start a video call with your other contact and make sure you both have your camera enabled. If you can confirm you’re speaking with the person you know, verbally compare your security codes and click/tap “Verify” if they match.
Once your contact is verified, a small checkmark icon will appear on their profile card and next to their name whenever you are messaging with them. They are now verified to you, and you know you’re speaking with someone you trust.
This is one more authentication feature many users have found useful to keep themselves and their data safe.
Unverified Users & Room Management
If someone forgets their password (or an SSO user resets their account without access to the Master Recovery Key), these contacts will automatically become unverified. Unverified users can no longer receive messages in rooms or group conversations until they are approved (see below) or verified.
Whenever you are in a room or conversation with an unverified user, you’ll see a banner letting you know they need to be re-verified and instructions how to manage them. Please note that you can continue to communicate 1:1 with an unverified user (primarily so you can verify them via video call), but they will not receive messages in rooms or group conversations. A room moderator will need to verify a user before they are able to receive messages in that room. If a user becomes unverified and you are NOT a room moderator, they will not receive your messages in a room if the moderator has not verified them, regardless if you have verified them or not.
Users can also “approve” unverified users, which allows them to continue to communicate in rooms and group conversations without going through the verification process.