MSC4405: Deprecate the emoji method for SAS verification

[uhoreg]

Rendered

Disclosure: I am a member of the Spec Core Team, and the Element crypto team. This proposal was written with my Spec Core Team hat on.

[turt2live]

Implementation requirements:

• Some notion of approval from product-focused teams

[uhoreg]

As a data point, Nico says that Famedly is already only using decimal verification, due to requests from customers.

[TheArcaneBrony]

I struggle really badly at handling numbers (to the point where 2FA is a nightmare and I have quit doing 2FA on a separate device, or taking 5-10 minutes to type over a bank account number).

This also would be majorly problematic for anyone with dyscalculia or otherwise poor/bad vision.

I would prefer if Emoji verification remained, because it's very visual and intuitive, even if the rendering can be inconsistent between apps, devices and platforms.

[Johennes]

I struggle really badly at handling numbers (to the point where 2FA is a nightmare and I have quit doing 2FA on a separate device, or taking 5-10 minutes to type over a bank account number).

I'm not sure how much of a practical difference it makes but bank account numbers in Europe are almost double the length of the verification decimals (20 vs. 12 symbols) and you shouldn't have to type them during verification.

This also would be majorly problematic for anyone with dyscalculia or otherwise poor/bad vision.

This is true. Though I suppose a dyslexic person would have similar issues when having to also read emoji names and possibly translations. I wonder if voiceover / screenreaders could assist in both of these cases?

[richvdh]

@ara4n suggested:

• change the font/layout in EW to make it more dyslexia-friendly.
• Allow users to click "compare emoji instead".

[TheArcaneBrony]

Providing the text descriptions of emojis may be a fair solution to avoid the confusion problem, as it can be ignored outright if the emojis match up.

As for the 20 vs. 12 symbols thing, I mentioned 2FA as another annoying case specifically because it's 6 symbols - it still takes a considerable amount of time and effort to verify, whereas with the 8 emojis you can rely on visual memory at a glance.