[Veratyr]

> Key changes in a messenger are totally different. They happen under normal conditions

This doesn't have to be the case. If you stop coupling a key to a device and instead couple a key to a person (generating a key deterministically from a password for example), they can be changed far more rarely.

[mavhc]

Whatsapp became popular because they worked out a way to not have to have people create an account and a password, you're overestimating humans

[Saavedro]

this requires humans to be able to generate and remember passwords with decent entropy

[Veratyr]

That was just an example. You could also pair the key to a person by some other method, such as storing a copy of it on a storage medium other than their phone.

[zulln]

Requiring a external storage medium would kill the service. I think you have to separate a service made for the masses and a service with focus on security/encryption. For WhatsApp there will be some instances where you have to choose between security and convince, and they have choose the former, which is only naturally.

[Veratyr]

I didn't say it has to solely reside on the storage medium. The phone can keep a copy and a user can make a backup.

[dleslie]

Pass phrases.

[pmontra]

There is one pass phrase I remember, 5 passwords, 2 PINS, 2 phone numbers. My password manager and address book remember hundreds of passwords, phone numbers and emails each.

For some reasons everybody uses an address book, many people let browsers remember passwords but almost everybody resists the idea of using a password manager and end up with low entropy passwords.