Let me clarify. Authentication with II is still fundamentally more secure than browser-based wallets like Metamask or Plug, because the cryptographic key resides in a secure hardware chip and outside of the realm of the browser or even the computer’s main memory. It is, however, also fundamentally less secure than a hardware wallet, since the hardware wallet will allow you to inspect the transaction. With web authentication, you as a user must be involved (e.g. fingerprint or face scan), but you don’t see the transaction details.
Let me put out some numbers. Here are values that I would feel comfortable with managing in different ways (these are based on my personal risk profile, everyone will have different limits):
- Browser wallet (e.g. Metamask/Plug) on my own general-purpose devices: $100s, for a short time maybe $1’000s.
- Internet Identity on my own general-purpose devices: $1’000s, for a short time maybe $10’000s.
- Browser wallet or Internet Identity on a “clean” device that I only use for one specific application that I personally trust, and where the front-end is decentralized (e.g. nns.internetcomputer.org) and that I never connect to public networks: $10’000s and maybe a bit more if I am paranoid about keeping the device clean.
- Hardware wallet (which I never connect to a device I don’t own): $100’000s.
- Custom cold-storage/air-gap setup: Anything beyond.
So I did not want to suggest that Internet Identity wasn’t secure – quite to the contrary! I personally think it has the best trade-off between security and usability for day-to-day use. I just want to encourage the use of “non-day-to-day” methods for cases of large amounts of tokens.
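The distinction the post draws between web authentication and a hardware wallet can be modelled in a few lines. The following Python is an added example, not code from the post's author or from Internet Identity: it uses an HMAC as a stand-in for the device's real asymmetric signature, a constructed JSON transaction format, and a `run_scenario` helper that compares a "blind" signer (key sealed in hardware, user presence required, but the signed challenge is opaque) with a "confirming" signer (decodes and displays the transaction and signs only what the user confirms). The scenario where the front-end submits something other than what the user intended is the risk the post is pointing at.

```python
import hashlib
import hmac
import json
from dataclasses import dataclass
from typing import Callable, Optional

# Constructed sample value (not from the original post); stands in for a key
# sealed in a secure chip that never reaches browser or main memory.
DEVICE_KEY = b"constructed-device-secret"


@dataclass(frozen=True)
class Transaction:
    recipient: str
    amount: int


def _device_sign(key: bytes, message: bytes) -> bytes:
    # HMAC stands in for the asymmetric signature a real authenticator or
    # hardware wallet would produce; the primitive is not the point here.
    return hmac.new(key, message, "sha256").digest()


class BlindSigner:
    """WebAuthn-style authenticator: the key never leaves the device and the
    user must be present (touch, fingerprint, face), but the device signs an
    opaque challenge hash and displays nothing about what it represents."""

    def __init__(self, key: bytes) -> None:
        self._key = key

    def sign(self, challenge: bytes, user_present: bool) -> Optional[bytes]:
        if not user_present:
            return None  # user presence is the only gate
        return _device_sign(self._key, hashlib.sha256(challenge).digest())


class ConfirmingSigner:
    """Hardware-wallet-style signer: decodes the transaction, shows the decoded
    fields to the user, and signs only if the user confirms they match intent."""

    def __init__(self, key: bytes) -> None:
        self._key = key

    def sign(self, payload: bytes, confirm: Callable[[Transaction], bool]) -> Optional[bytes]:
        decoded = json.loads(payload)
        shown = Transaction(decoded["recipient"], int(decoded["amount"]))
        if not confirm(shown):
            return None  # user rejected what the device displayed
        return _device_sign(self._key, hashlib.sha256(payload).digest())


def encode(tx: Transaction) -> bytes:
    # Constructed wire format for the example.
    return json.dumps({"recipient": tx.recipient, "amount": tx.amount}, sort_keys=True).encode()


def run_scenario(intended: Transaction, submitted: Transaction) -> dict:
    """Report which signer produces a signature when the front-end submits
    `submitted` while the user believes they are approving `intended`."""
    payload = encode(submitted)
    # The user checks the device display against what they meant to send.
    user_confirms = lambda shown: shown == intended
    blind = BlindSigner(DEVICE_KEY).sign(payload, user_present=True)
    confirming = ConfirmingSigner(DEVICE_KEY).sign(payload, user_confirms)
    return {"blind_signed": blind is not None, "confirming_signed": confirming is not None}


if __name__ == "__main__":
    honest = Transaction("alice", 10)
    mismatched = Transaction("someone-else", 10_000)
    print("front-end submits what the user intended:", run_scenario(honest, honest))
    print("front-end submits something else:", run_scenario(honest, mismatched))
```

With an honest front-end both signers produce a signature; when the submitted payload differs from the user's intent, the blind signer still signs (the user's fingerprint proves presence, not understanding), while the confirming signer refuses because the displayed recipient and amount do not match. That gap is why a compromised browser or front-end matters more for the second tier than for the hardware-wallet tier in the post's list.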