> The XMPP password and the key password should be something completely different.
Yet, in practice, everyone who doesn't know much about security will use the same password, and you're back to square one. You can try to ask all clients to consistently refuse keys with the same passphrase as the account (and vice versa, refuse account password changes that are the same as the key), yet I doubt that will work.

cheers,
Remko
