Yes, 16 characters minimum. Since there’s no phone number, no email, and no alternative recovery method - the password is the only thing protecting your account. A weak password with no fallback is a real risk, so I set the bar higher intentionally. It also reduces brute force viability. Passphrases are supported but currently not used for login - just the password for now.
wardcore@lemmy.world (OP) to Selfhosted@lemmy.world • ONYX: self-hosted messenger with LAN mode and E2EE — an indie project story (English)
2 · 8 days ago
Write to @support directly in ONYX, using the search field, and we’ll discuss this in detail.

wardcore@lemmy.world (OP) to Selfhosted@lemmy.world • ONYX: self-hosted messenger with LAN mode and E2EE — an indie project story (English)
0 · 11 days ago
That’s a great idea, I’ll consider adding it in one of the upcoming updates.

wardcore@lemmy.world (OP) to Selfhosted@lemmy.world • ONYX: self-hosted messenger with LAN mode and E2EE — an indie project story (English)
1 · 11 days ago
Fair skepticism, but no - I used AI for the English translation of my post, since I’m not a native speaker.

wardcore@lemmy.world (OP) to Selfhosted@lemmy.world • ONYX: self-hosted messenger with LAN mode and E2EE — an indie project story (English)
0 · 11 days ago
Just to clarify — E2EE in ONYX is only for private chats. Groups and channels (both built-in and self-hosted) don’t have E2EE, which is actually closer to your point — for groups it’s a deliberate tradeoff for simplicity and reliable sync. So you’re right, for that use case TLS is enough.

wardcore@lemmy.world (OP) to Selfhosted@lemmy.world • ONYX: self-hosted messenger with LAN mode and E2EE — an indie project story (English)
2 · 11 days ago
Fair point! Yes, Claude was used as a coding assistant throughout the project. That said, every single line went through strict manual review — nothing was blindly copy-pasted into the codebase. All architectural decisions, the crypto stack choices, and the overall design are my own. Claude helped with boilerplate and speeding things up, but the project is not “vibe-coded”.

I understand it’s not for everyone. But the 16-character minimum is there for a reason — your password is the only key to your account, no fallbacks, no recovery via phone or email. That requires a strong password. There’s a built-in password generator in the app — one tap, cryptographically secure, 16 characters, done. Save it once and you won’t need to type it again. Think of it like a crypto wallet seed phrase — you store it once somewhere safe and that’s it. If the priority is speed over security, Telegram is a better fit. ONYX was built for people who actually care about privacy, and that comes with a slightly higher entry bar. That said, I’ll consider dropping the hard minimum to 8 characters with a strong recommendation to use 16 — so people have the choice but know the tradeoffs.