A new Internet Identity version was just deployed through proposal 60679. For day to day operations you won’t notice anything different, but it includes a few changes to the FAQ section, which deserved some love – and still does!
In particular, it now includes these two questions:
These two questions indirectly came up in a thread about recovery phrases. I would like to encourage everyone to post questions they might have about Internet Identity in this thread here , and we’ll do our best to give simple and easy to understand answers, which we’ll then add to the FAQ!
This is wonderful. Thank you so much
Thank you SO much for this thread! My apologies in advance for the length of my post/ questions… I have a few questions about long-term storage and using the FUBI keys. Is there a way to just use a spare flash drive as a FUBI key? If not, are/is there a specific brand of FUBI key to purchasing that works for the IC identity? I am concerned about only using the seed phrase created on the computer (mac os), then saved on paper. There is still room for the seed phrase to be vulnerable I was told (which would allow someone full access to my account)… So, I am trying to get the appropriate hardware. I stake (and am fine with it) on the NNS directly, however, down the road if my account becomes of any tangible value I want to protect myself ahead of time, to prevent said experience. I like the Ledger hardware wallets for the ability to have a backup in case damaged or lost. I would prefer that type of concept in any reccomodations.
Also, say I pass away and in my will, I leave my digital assets (ICP coin) to x,y, or z. How can I make sure that person(s) have access (or ability to follow written instructions on how to access) this account? If using the FUBI key then they can plug that in and use it that way, however, what if it is a fingerprint sensor? is there a backup to prevent that?
Thanks for sharing your questions! I’m currently on holiday and will reply/update the FAQ accordingly when I’m back. Hope it can wait
Hey, thanks a lot for your question and apologies for the delay.
I’m not sure what a “FUBI” key is, do you mean “FIDO”? I’m going to assume that’s the case.
No you can’t! You could use a spare flash drive do e.g. store a text file without your recovery phrases, but you cannot use a flash drive as a FIDO device. The flash drive only stores content; the FIDO devices have special security modules and firmware that perform cryptographic operations. For most FIDO devices you can never actually read the content stored on it, you can only tell the FIDO device to use that content to e.g. sign something.
The YubiKey line of product from Yubico is very popular and known to work. You can also use a Ledger device as a FIDO device. The advantage of using a Ledger device is that you can then export a recovery phrase from it (not to be confused with Internet Identity’s recovery phrase) which you can then use to recover your Ledger device if lost, which can then be used to authenticate to Internet Identity as well.
As a disclaimer, I am not a lawyer, and not an expert on the subject. If this is important to you you may want to store your assets in a bank.
In general, yes, if you have a simple FIDO device that doesn’t require biometrics or PIN, you can just make sure the device lands in the right hands. If the FIDO device does have a fingerprint/biometrics sensor, then indeed no one else will be able to use it.
@jsull9 please let me know what makes sense and what needs clarification!
So embarrassing that I wrote FUBI Key. You are 100% correct, I meant FIDO. Lord have mercy. I was looking up Yubi keys and my mind was clearly just poof. Thank you for the clarification though!
Also, as far as leaving my assets behind. I have decided on a Yubi key that I can just leave to someone directly. My thinking wasn’t an immediate need. However, one never knows when they’re going to die. So this was more of due diligence on my part to make sure my personal affairs are kept in order. God for bid I pass away and my neuron one day has enough to help my family with any expenses. I wouldn’t want them ending up “lost ICP”, at the very least, someone could use them as cycles.
Lot of us have being having this issue while trying to add a new device locally in identity.ic0.app it alway end up failing, we can’t add a new device locally on the same device. Please can this be fixed because it’s being doing this for long
Yes, this has never worked for me, can be frustrating.
@Karma on the screen that says “Error details”, could you try tapping on that text to see if it gives you any more information?
@Karma if you swipe across the text there should be more than just “The user attempted to register”, but I suspect it’s because you’ve already added the device.
Is that the case?
I can’t seems to see any other information there, I wanted to add another browser on my device to my internet identity I only added chrome I can’t add Mozilla Firefox or other browsers like kiwi browser to the internet identity on same device locally… this is the problems that needs to be fixed … Not just me a lot of people are having this same issues too
At least for me, my phone is seen as a single device no matter which browser I use so that error makes sense; I already added it and can’t add it again.
On my laptop, different browsers are seen as different “devices” so I had to add them all separately. I would prefer it to be the same as my phone and for them all to be seen as the same device.
I’ve read the FAQ Internet Computer Content Validation Bootstrap and I’ve read the article How to use Internet Identity | Internet Computer Home
… But I still cannot understand the difference between adding a Yubikey to an Internet Identity as a device and adding a Yubikey to an Internet Identity as a recovery mechanism. Will you please help me understand the difference and why I would want to use one or the other, or are they identical? And also if you see any opportunity to update the FAQs to make it more clear that would be awesome.
The difference is very small: A YubiKey added as a recovery devices can only be used to recover and account (i.e. by selecting “Lost Access?” on the welcome page) and not during regular authentication flows. That’s it.
We should definitely clarify / answer this in the FAQ.