Ever heard of something called a non apple user? Use of keychain backup functionality is far less common in the android ecosystem compared to the apple ecosystem. And a seed phrase semi-forces even ordinary users to look into password manager solutions to store them, and most ordinary users settle for one of the popular online ones like lastpass or something, making them less vulnerable to loss of funds in the housefire scenario.
Storing mnemonics online, what a genius.
Do you not see the irony of that statement when I only mentioned it in response to your icloud suggestion?
Of course storing mnemonics with a service like lastpass is not the best practice, but in terms of security and risk it is identical to backing up your apple keychain in icloud.
1 Like
Although I gotta say the more I’m arguing about it, the more I kind of see the other side of it for ordinary users. The phishing protection passkeys offer is kind of invaluable, and there’s definitely a greater risk statistically speaking to be remotely exploited by plain phishing than in person attacks that threaten your passkey.
However I do still think it’s a horrible design decision to not provide a password or seed phrase log in option with a variety of 2FA options for security-conscious power users that do not rely on having to purchase a >$50 gadget. Also the lack of requiring authentication for individual transactions when transferring funds on the NNS after log in is still an absurd failure to adhere to proper security standards.
1 Like
Adding a recovery phrase now works seamlessly with Internet Identity 2.0.
For those using the Proton password manager, I believe this setup ranks very high in terms of privacy. I have successfully tested all options on Windows; on one occasion when I encountered an issue, the support I received here helped me resolve it quickly.
My friends who use Linux machines often complete the sign-in process using their phones, or a hardware USB / NFC key.
It is important to note that syncing a passkey to a cloud service is not the same as syncing general user data to that same cloud.
In my opinion, Internet Identity is a very solid product—designed for highly secure applications while maintaining a high level of user experience and comfort.
2 Likes
Internet Identity is a pleasure to use.
DFINITY was years ahead of everyone with this tech.
It saves so much time using it and honestly is how the entire net should work when it comes to logins and we should really do away with usernames and passwords entirely.
I have never had to do a single “forgot password” on any ICP site that uses II.
I have never had to do a single “forgot username” on any ICP site that uses II.
Think about how many times you have to use these recovery mechanisms even today with how many sites there are and how many username and passwords you need to remember. And if it wasn’t for the Apple keychain or the browser caching this data, you’d be using “forgot pass” every other day unless you are reusing the same pass or passes over and over again which puts every single one of your accounts at risk for hackers.
Usernames and Passwords have caused so many breaches and problems and have caused us all to waste a lot of time. Now we’re wasting time with texted codes and emails as a means to secure the insecure.
1 Like
Internet Identity is one of the best thing in crypto world. Absolute killer in my opinion. But… only a fanatical fool cannot also see the flaws and dangers.
- I like a lot II 2.0
- The number in II 1.0 was onboarding killer.
- But it’s building a central point possible failure, which is anti-pattern of web3 and could be very dangerous. Personally, on a scale of danger I would say VERY.
1 Like
I don’t believe the number in v1.0 was bad at all. In fact I actually prefer it but to each their own.
1 Like
as user I like 1.0, as someone trying to get user, I like 2.0. 
2 Likes