Adding custom Recovery Phrase, using hardware wallet with IC


I created my first Internet Identity recently and used a YubiKey to authenticate it. It works fine. I also added Firefox from my Android Phone as a second auth for temporary redundancy. So far so good.

After every successful authentication, IC will ask to create a Recovery Phrase to strengthen the security of the Identity. When following the Recovery steps, IC will generate a random(?) Seed Phrase for the Identity. In principle this is acceptable, however it is irritating from a usability standpoint.

The problem:

I already have a Seed Phrase that I use with Cardano. It is stored on a BitBox02 hardware wallet. And I have memorized it, so if that hardware wallet was lost, I could recover it from my memory. As it stands right now, with IC I would need to memorize a new Seed Phrase, and it would just be usable with IC.

Is there a way to
a) authenticate the BitBox02 besides the YubiKey?
b) set my established Seed Phrase for my Internet Identity in a safe manner?

If this is not yet possible, is this a consideration for future improvements? Or is this simply not in the realms of possibility with the IC architecture?

Thank you.

Hi @xezon

Some quick googling seems to suggest that the hardware wallet that you are using is supporting FIDO / WebAuthn. Which means you should be able to register it as a passkey on Internet Identity (the same way you would use a YubiKey).

Once you have done that, there is no need to have a recovery phrase in Internet Identity at all, as you can always recover the hardware wallet with the phrase.

Note that for the time being it is not possible to remove a recovery phrase from your Internet Identity. But we are in the process of reevaluating that restriction.

I hope this helps. Please let me know, if you succeed in adding your hardware wallet as a passkey.

1 Like

Thank you Frederik. I will try that and report back if that worked.

If it does work, does it mean I can use any BitBox02 with my seed phrase and Internet Identity would see it as the same authentication?

By the way: I have received a private message in this forum in response to this topic from user Thinking0, which, I suspect, is a phishing attempt

Hello @xezon
We opened a ticket for you based on your inquiry, you have to talk to a live support agent for answers.
Kindly use the support link below to talk to a live chat agent using ticket ID SLIM83h94
Support: [dfinity Support ](Link Redacted)
Note; Click on the live chat icon at the bottom corner of the page to initiate chat.

Perhaps that can be looked into as well.

Yes, that should be the case. However, I highly recommend testing recovery mechanisms to be sure they work in case they are needed.

Regarding the private message: Please report the user using the report button in the three dot menu below the private message. Thank you!

I can confirm that the BitBox02 can be registered as FIDO device with Internet Identity. The device will only be recognized after it has been unlocked with its user password. Whether or not it still works after the seed phrase was changed on the device I have not tested.

1 Like