Immediate Action to Protect Internet Identity w/ Seed Phrases

Purpose of this thread
Internet Identity Labs, a community team building NFID, and in collaboration with Jordan, are willing to devote time and resources from their projects to write the code for this work.

Our intention is to make one small but mighty iterative improvement, not to how all of the Internet Identity service works, but rather one very specific component. However much we’d love one or all of these ideas implemented, in practice any of them would take many months to discuss, architect, and implement.

The feature in question is: An opt-in feature where users wanting to remove a seed phrase must first re-enter their seed phrase as confirmation they’re in possession of it (I posted above what it might look like).

We believe this is important for the specific case when an attacker may be in possession of one or more of a user’s authentication device(s) and attempts to lock the user out by removing all other devices, including the seed phrase. If this feature were implemented, the attacker wouldn’t be able to remove the seed phrase, giving the user a fighting chance to regain control of their anchor.

Of course there is more work to do - What if the attacker knows the seed phrase? What if the user lost their seed phrase? How could device management generally be made more secure? - and Internet Identity Labs is devoted to taking these on over time.

For the immediate term, please respect this topic’s scope:

  • 🙏 raise agreement or challenge for an opt-in feature of seed phrase re-entry prior to its removal
  • 🙏 backlog out-of-scope questions, ideas, and discussions to new threads
  • One technical challenge exists that @bjoern highlighted must be investigated, which is the consideration that it may be harder to implement a partial solution and generalize later… we’re looking into it

Thank you all for the healthy discussion!

14 Likes
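
The rule proposed in the post above, modelled as an added example (not part of the original post, and not Internet Identity's or NFID's code). It assumes the request's `caller` key has already been authenticated, and it models "re-entering the seed phrase" as making the removal call with the seed-phrase key; `Anchor`, `Device`, `protect`, `remove` and the device labels are hypothetical names.

```rust
use std::collections::BTreeMap;
// All names here are hypothetical; keys are plain labels standing in for public keys.
#[derive(Debug, PartialEq)]
enum Error { NotAuthorized, UnknownDevice, SeedPhraseProofRequired }
struct Device { is_seed_phrase: bool, protected: bool }
#[derive(Default)]
struct Anchor { devices: BTreeMap<String, Device> }

impl Anchor {
    fn add(&mut self, key: &str, is_seed_phrase: bool) {
        self.devices.insert(key.to_string(), Device { is_seed_phrase, protected: false });
    }
    /// Opt-in: any device on the anchor may mark the seed phrase as protected.
    fn protect(&mut self, caller: &str, key: &str) -> Result<(), Error> {
        if !self.devices.contains_key(caller) { return Err(Error::NotAuthorized); }
        let dev = self.devices.get_mut(key).ok_or(Error::UnknownDevice)?;
        dev.protected = dev.is_seed_phrase; // only a seed phrase can be protected
        Ok(())
    }

    /// `caller` is the key that authenticated the request (assumed verified upstream).
    fn remove(&mut self, caller: &str, key: &str) -> Result<(), Error> {
        if !self.devices.contains_key(caller) { return Err(Error::NotAuthorized); }
        let dev = self.devices.get(key).ok_or(Error::UnknownDevice)?;
        // Re-entering the phrase is modelled as making the call with the seed-phrase key.
        if dev.protected && caller != key { return Err(Error::SeedPhraseProofRequired); }
        self.devices.remove(key);
        Ok(())
    }
}

/// Constructed scenario: the attacker holds "laptop" and tries to lock the user out.
/// Returns (attacker's seed removal, user's recovery via seed phrase, remaining keys).
fn lockout_attempt(opt_in: bool) -> (Result<(), Error>, Result<(), Error>, Vec<String>) {
    let mut a = Anchor::default();
    a.add("laptop", false);
    a.add("phone", false);
    a.add("seed", true);
    if opt_in { a.protect("phone", "seed").unwrap(); }
    a.remove("laptop", "phone").unwrap();      // attacker removes the other device
    let attack = a.remove("laptop", "seed");   // attacker goes after the seed phrase
    let recovery = a.remove("seed", "laptop"); // user evicts the attacker's device
    (attack, recovery, a.devices.keys().cloned().collect())
}

fn main() {
    println!("opt-in:  {:?}", lockout_attempt(true));
    println!("default: {:?}", lockout_attempt(false));
}
```

With the opt-in set, the stolen device cannot remove the seed phrase and the user recovers the anchor; without it, the same sequence leaves only the attacker's device registered.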