You’re right, this discussion started quite a long time ago, my addition:
I just feel that deliberation about security threat for investors takes too long, also note that it’s scary for possible new investors (some expressed this worry to me).
5 Likes
Thanks for letting me know about @jsull9’s concern @wpb. Wenzel is right, I invite you to read this @jsull9 : Internet Computer Content Validation Bootstrap
Particularly the section « Is a recovery phrase as safe as a recovery FIDO device ? ».
2 Likes
Thank you! I am still learning to navigate this forum so excuse me if the location/timing is off compared to the original discussion.
I appreciate the help though!
2 Likes
Quick update from the II team: the protected recovery phrases feature has been released and deployed to mainnet.
Forum announcement: Protected Recovery Phrases: Released & Available Now!
Internet Identity Upgrade Proposal: Internet Computer Network Status
4 Likes
The new locked recovery phrase is a great addition. It has probably been mentioned but an attacker could just access your account ( find your security key ) and send your ICP into another account, without ever worrying about your seed phrase. Is there a possibility of setting send limits, setting time limits on transfers ( 48 hours before it transfers and can be withdrawn in the meantime ) whitelisting addresses and getting email notifications of attempted transfers ? Sorry for all the asks 
4 Likes
Also a check seed phrase option, why? If you have multiple seed phrases, in 5 years time you may not know which is which. I’ve been there. Would be great to know which seed phrase actually is the correct for an account you own.
Hi, I believe that every security restriction is good for investors and innovation in this area is never enough.
What could help for the mentioned worry is to stake your ICP - eventual attacker won’t be able to send your funds away and you’ll be able to simply delete the compromised device.
I try it to recover an internet identity in nns app, i have right seed but failed. Is any developer kind to tell me why i cant have acces to my funds, acces that should be provided by seed phrase? Thank you