This is my first crypto cycle where I am invested in actual crypto using wallets.
I understand that you need to log into trusted sites using your wallet otherwise you can lose everything.
I have a lot in my Internet Identity wallet. But, I’m also using it for Taggr and OpenChat. Now that I think about it, is that bad practice?
Should I create a separate Internet Identity for logging into apps such as Taggr or OpenChat or other lesser known apps and have another identity for holding my ICP and other coins?
And since I already use the same identity for my coins and for Taggr and OpenChat, is there a way to transfer my logins from those two apps to a new identity?
Internet Identity is essentially just a sign in device.
Similar to how a Ledger would work. Each site would create a local wallet that does not have access to any funds held inside that II. You do not need to create a new II for each dapp you wish to use.
However best practice is to only sign into dapps that are known and trusted. Do not rush to be the first to use a dapp but if you do I normally use a second II that has little to nothing inside it just in case something is malicious.
Best practice is to separate how you log in to the place where your tokens are stored from how you log in to other apps. If someone steals your login, everything is at risk.
If I have my tokens on the NNS and log into other dapps (lets say ICPswap for now)
If a hacker somehow gets the login credentials to the dapp does that mean they also are able to log into the nns with those same credentials?
If so I also have a yubikey that acts as a failsafe login if I lose my seedphrase. Will they be able to add themselves to trusted devices and steal the funds out of the nns?
No you cannot move your Taggr or OpenChat logins to another identity, you will have to move your tokens. But each app can build a feature to help you migrate to another identity.
No you cannot move your staked ICP.
Keep in mind if you lose the Internet Identity to your NNS account (the one with staked ICP or a new one you create for your liquid tokens), or that Internet Identity is stolen, you lose everything in your NNS account.
You should consider the NFID Vault smart wallet that supports multi-factor approvals if security is a concern.
If by “login credential” you mean the delegation that ICPswap gets when you sign in, then no the hacker cannot use that delegation to access your NNS account
If by “login credential” you mean your Internet Identity, then yes the hacker can use that to access your NNS account
Judging by your last question about the yubikey, I assume you meant your “login credential” is your Internet Identity. If the attacker gains access to any of your trusted devices, then yes they will be able to add themselves as a trusted device and steal the funds out of your NNS account.
As I mentioned in my previous comment, you should consider the NFID Vault smart wallet if security is a concern. Adding multi-factor security will secure your assets against such attackers.