One of the super confusing things is that even if you only use a single client it can be verified or not.

That's confusing even for very technical people; because, it simply doesn't make sense.

Saying "verified or primary client with recovery keys generated" seems too long, so they should just say something like "less secure" on the "unverified" sessions.