Last time I upgraded my ID, I ran into serious issues. Only one of the linked domains seemed to have full control over the ID, which caused multiple problems: login loops, unexpected wallet changes, and being unable to modify settings at all, because various projects seem to either use one of the 3 following domains below where you had to setup the same login 3 times each for one domain.
At times I couldnât log in, other times the system wouldnât remember my session or would simply reject the login. There was no clear way to identify which ID belonged to which context no identifier, optional renaming, or way to pull in a legacy ID. Even when using my phone or different browsers, the behavior was inconsistent. I was not alone, many expressed these exact issues on X during late night calls.
It got to the point where I had to start over completely resetting everything, redoing browsers and phone setup. The worst part was the constant uncertainty: not knowing whether I had lost access via my phone or browser, and feeling like if that happened, I could be permanently locked out with no clear recovery path.
Before I upgrade again, I need to know:
Have these issues been fully resolved?
If I upgrade now, is it still possible to downgrade again until January 26?
The previous experience was honestly a nightmare, and I donât want to repeat it without knowing the risks are gone.
Weâre aware of this and itâs on our backlog to investigate and introduce a more secure alternative to the recovery phrase locking feature found in the legacy Internet Identity. We decided against adding it back âas isâ since locking a recovery phrase means you lose permanent access to the recovery phrase reset functionality in case you lose the recovery phrase.
This has various security implications, from not being able to ever reset it again and thus losing the recovery functionality forever, to not being able to reset it when someone else gains access to the recovery phrase.
We decided to not wait with rolling out the new id.ai experience for this functionality since that would significantly delay adoption and ease of access of the IC ecosystem as a whole. Keep in mind that if you already have a locked recovery phrase in the legacy product and upgrade, this will still be locked in id.ai.
This is exactly one of the problems in the legacy Internet Identity experience with passkeys weâre hoping to resolve, by moving to a single dedicated domain (id.ai) these sort of multi-domain issues should no longer be an issue.
As far as Iâm aware weâve resolved various issues related to passkeys but if you come across any issues, please donât hesitate to bring them up on the forum or by contacting support (thereâs a link in the id.ai footer).
Yes, since the upgrade is mostly registering a new passkey for id.ai, downgrading is only a matter of removing the id.ai passkey in the legacy Internet Identity dashboard.
Recovery phrases are now also available in id.ai, we highly recommend to set-up a recovery phrase since those do not depend on external factors e.g. a broken YubiKey, lost access to password manager, breaking change in passkey browser API, DNS issues, losing access to e.g. Google account etc.
In case you already have a recovery phrase in the legacy Internet Identity product, this is compatible with id.ai.
Sorry to bother you, and Iâd appreciate your reply when you have time.
Currently, I have my Internet Identity 1.0 recovery phrase written down on paper, but it hasnât been locked yet.
Since I use Caffeine, I entered my II 1.0 anchor number and have already upgraded to II 2.0.
When I check the âRecovery phraseâ section in II 2.0, it shows âRecovery phrase not verifiedâ and displays a different phrase from the one I recorded in II 1.0.
Is this happening because my II 1.0 recovery phrase has not been locked?
If I lock it now in II 1.0, will it synchronize with II 2.0 and remove the âRecovery phrase not verifiedâ message?
Additionally, Iâd like a more detailed understanding:
If I write down the recovery phrase shown in II 2.0 before locking it in II 1.0, will my II 1.0 recovery phrase become invalid after January 26?
In that case, should I consider the newly issued recovery phrase in II 2.0 as the valid one to keep?
Thanks for the response! Will it be unlockable in id.ai if itâs already locked from the legacy ii? And then there will just be no way to relock it until you guys add that or similar functionality?
You can login with both identity.ic0.app and id.ai at the same time, and you should get the same principal.
Hope this gives a bit of peace of mind to some people.
Yeah bro I tested it with a burner ii, if you lock it in ii1 it shows up locked in ii2. however i wouldnât unlock it as they are removing the functionality to lock it in the first place in ii2, so you likely wonât be able to relock it.
