If my understanding is correct, any fresh key pair would do. Principals and account ids can be calculated from the key pair. People can use them to receive and send ICPs via the ledger, for example. All these do not have to go through Internet Identity or the NNS app.
On the other hand, there is no universal “Account Address” like other blockchains. For example, on Ethereum you can send any kind of token to an address, and the same address is used across all apps.
On the Internet Computer, you can not do this. The address a user sees in the NNS app is tied to the key pair used for the NNS app only. There is no easy way for another app to get that key pair (if they can, it’ll be a security breach on II). So you can’t just send a custom token to an address, and hope that user can receive it. That user will never be able to receive or use it unless the NNS app supports this custom token too. All because the key pair is only usable by the NNS app.
So if you build an app, you have to decide how you want your user to manage their key pairs. If you use II, that job is taken care for you, but also comes with an restriction that there exists no universal address or user identifies that all apps can use, which would go against the design principle of II if I’m not mistaken.
I think it will not be unusual for apps to offer app specific addresses that people can use to transfer tokens in/out. Very much like how an exchange manages your assets.
There are already competing wallets built by developers, we’ll see if any of them will eventually win out and become the de-facto standard. But so far II still has a majority upper hand.