Progressive nudge to create recovery code #2646
Designs for feedback: https://www.figma.com/design/jTBibN65ZhpcIEQ4kfgfZs/Promote-device-linking-and-recovery-keys-in-DMs?node-id=13-37&node-type=instance&t=j6utnD12mSEexzxs-0 Feedback from user C. was positive!
People understand the nudge, so this is succeeding in terms of feedback. The issue is that people express not wanting to have to deal with recovery keys.
@holmesworcester The above link is deprecated. New links:
Just noting here that in our user research, recovery codes are currently losing to: "just give me the option of letting my admin restore my DMs, even if that means they could see them." So we might not have recovery codes at all. Adding to external feedback to learn more.
Users need some way to recover DMs (and their username and settings) if they have lost all their devices, but at best, creating a recovery code will be unfamiliar. At worst it could be too confusing, or they might do it wrong.
We can give users a lot of instruction, but when they create their account they might not be in a place where it is convenient to write down a recovery code. They are also likely impatient to join, make sure things are working, and be part of the community, so most will try to skip through the process quickly, screenshotting the recovery code (a security problem) instead of using pen/paper.
One solution is to let users wait until they are ready to create a recovery code. This seems appropriate and low risk: people will be using Quiet every day and will have very little personal data (DMs) at stake at first, so there isn't a reason to rush them into it. Moreover, the easiest recovery method by far is a linked device, and linking a device is much more familiar, natural, and immediately rewarding than creating a recovery code. So the nudge to create a recovery code doesn't have to come until after the user has linked a device or told us they don't want to. The first nudge is to link a device.
We may also want to show the recovery code nudge only in places in the app where the user has personal data that would be unrecoverable, such as DM threads. We can also make it visible to admins who have set a recovery code and linked a device, and tell people this, so that admins can check in and so there's some accountability within the organization itself. That way it's "something someone in my team wants" instead of "something the app wants". We could even make the nudge come from the admin in some way, e.g. "Got a sec? @your-boss wants you to create a recovery code: get started"
We can also make it very clear why they are creating a recovery code, how it works, how not to do it (don't screenshot it or store it digitally), etc.
Finally, we can block screenshots on the recovery code screen.