TLDR;

Internet Identity 2.0 has launched with a new flow on id.ai, bringing a revamped authentication experience: a new passkey flow and Google login.

Existing users can upgrade their identity to use 2.0, while maintaining compatibility with 1.0.

Developers can start updating their apps by setting the identity provider URL to “https://id.ai/”.

What is Internet Identity 2.0

Internet Identity 2.0 is a significant upgrade to Internet Identity. Here are the main developments:

• Completely Redesigned Interface: We’ve given Internet Identity a fresh, modern look and feel. The new design is intuitive and easier to navigate, ensuring a smoother user journey.

• No More Identity Numbers: You no longer need to remember or store an identity number. Logging in is now simpler and more streamlined.

• Seamless Passkey Integration: Internet Identity 2.0 leverages the latest passkey standards for enhanced security and ease of use.

• Google Integration: This makes Internet Identity accessible to an even wider audience and offers an alternative access method to passkeys.

• Accounts: You no longer need to have multiple identities to use different roles with the same application. The new version allows users to create accounts from the same identity to have various application accounts.

Internet Identity 2.0 is being rolled out in phases. Initially, only the domain id.ai uses the 2.0 flow, while the previous domain (identity.internetcomputer.org) uses the 1.0 flow. Applications must opt in to support 2.0, and existing users will need to upgrade their identity to ensure compatibility with 2.0.

Impact on Existing Users

If you are using Internet Identity 1.0, you must upgrade your identity to use the new 2.0 flow. A specific upgrade process is required to enable access to the new user interface (UI).

After upgrading, users’ credentials remain valid on both 1.0 and 2.0. This ensures uninterrupted use with existing applications and a smooth transition as more apps adopt 2.0.

No data or credentials are lost during the upgrade; the identity simply gains 2.0 compatibility, while remaining usable on applications still relying on the old domains.

Upgrade Strategy for Existing Users

You can upgrade your identity in two ways:

• Visit id.ai directly and follow the upgrade steps.

• Upgrade the next time you log in to Caffeine or any app using id.ai by following the upgrade steps.

Steps to upgrade:

1. Start the flow by clicking on “Upgrade.”

756×1334 71.3 KB

2. Enter your Internet Identity number. You will then be prompted to authenticate with your current passkeys.

752×1334 54.3 KB

3. Enter a name for your identity. 2.0 introduces names for the identities. These are not unique names, but names that help you identify your identity. You will be prompted to create a new passkey after this step.

752×1334 60.4 KB

4. You’re done! After these steps, the upgrade process has completed.

Upgrade Strategy for Developers

Developers only need to update their AuthClient identity provider URL to id.ai instead of identity.internetcomputer.org to integrate Internet Identity 2.0.

Keep in mind:

• Users must upgrade their identity before they can authenticate with Internet Identity 2.0.

• We will share upgrade statistics in the forum so you can plan when to switch your apps to id.ai based on upgrade rates.

Future of the Old Domains

The legacy domains identity.ic0.app and identity.internetcomputer.org will continue using Internet Identity 1.0 for now. Later this year, they will also transition to the new Internet Identity 2.0 flow.

When these domains are upgraded, users will be required to complete the upgrade process to use them. This ensures all access eventually unifies under the new 2.0 system.

Accounts After Upgrade

Internet Identity 2.0 allows for creating multiple accounts for the same application. This means that users don’t need to manage multiple identities if they want to have a test account or to separate work and personal accounts for one application.

For upgraded users, the default “primary account” is the same account as the one used in Internet Identity 1.0. Therefore, you only need to select the default to keep using your 1.0 identity with your favorite applications.

Frequently Asked Questions

Will I lose my credentials?

No, your credentials remain unchanged.

Do I lose my current data if I upgrade?

No, there is no data loss. The upgrade doesn’t affect your current data.

Will my apps continue to work?

Yes, apps using the old flow will keep working.

Will my identity be compatible with 1.0?

Yes, upgraded identities work with both flows.

What is the primary account?

The primary account is the same account that was used in 1.0 identities. If you want to keep using your old identity, you need to select this account.

What happens if I don’t upgrade?

Without upgrading, you cannot log in to id.ai or apps using the new flow (like Caffeine). This is fine for now, but as more apps move to id.ai and the old domains adopt 2.0, upgrading will become highly desirable.

Call to Action

For users: You can upgrade your identity when you next log in to Caffeine or visit id.ai to gain access to Internet Identity 2.0.

For developers: Watch for upcoming upgrade statistics in the forum and choose when to migrate your applications to id.ai to take advantage of Internet Identity 2.0.

This is all great. I was able to create new id.ai IIs that I was using for caffeine alpha.

I was also able to migrate my “legacy” II. It shows in the application that all the same passkey recovery method is still in there.

Great work from your team! The login with google thing is definitly needed for mainstream onboard its much easy now for average user to foot in the door!

Wonderful ! Thank you a lot and congrats to you all !

How to recover the identity without anchor/seed?

But accounts that dont upgrade, will we be able to get into our NNS wallet even after 5 years?

Do I need to upgrade to Internet Identity 2.0 before a certain date?

No. Internet Identity is a decentralized service, meaning you control your own upgrade timeline. There is no mandatory deadline. The upgrade will remain available indefinitely.

However, we strongly recommend upgrading as soon as possible. This ensures you can access newer applications (for example caffeine.ai) and be ready when existing services transition to Internet Identity 2.0.

The above is from the support docs.

If I have an II with anchor number 12345 and then upgrade it to a specific passkey - call it Passkey A on mobile - using the 2.0 flow, will I be able to also upgrade it to another passkey, let’s say Passkey B on desktop?

The “Continue with Passkey” → “Continue from another device” flow is intended to register passkeys across devices. It’s main use case is for scenarios where your passkey is not available/synced to the new device e.g. Laptop with Windows Hello → iPhone with iCloud KeyChain.

Alright, well I’m assuming the intent is to have the NNS upgrade to II2. And if that’s the case, all of those neurons and staked ICP, and votes, and SNS tokens need to be carried over without a single token missing from anyone’s accounts.

Done, worked well.
Thanks !

so just to be sure…. in case i am afraid to update (even when its safe) i can create an II 2.0 and leave my old account… II old for staking my 8 yrs neuron and the new II2.0 to play around in the ICP universe…. am i right ?!

and another general question:

how to i login into the NNS with an IIv2 ? there are only numbers allowed.. ?

Can you explain what you mean? What do you want to recover?

Upgrading doesn’t change anything in the applications integrating with Internet Identity. After upgarding and if new applications move to the new domain, you will still have all the same data in the applications (like NNS Dapp).

There is no data migration or anything needed.

Applications can decide which Internet Identity domain to use, it’s not up to the users.

For now, if an application sends the user to the old domains (identity.internetcomputer.org or identity.ic0.app) then the old flow is presented. If an application (like Caffeine) uses the new domain (id.ai) then the new flow is presented.

However, it’s important to notice that for the application data it doesn’t matter which domain they use. The identity that the application sees doesn’t change from one to another. “Upgraded identities” are the same as legacy identities at the eyes of the application.

If I have 2 II v1 (created in 2021) that share the same passkey (YubiKey), and I upgrade both of them to v2 while still using the same passkey (YubiKey), then when I log in, how does the system know which II I want to use the passkey to log into?

Part of the upgrade is to create a new passkey. That’s how II will know which passkey is which identity.

With old id, I can recover the identity anywhere using seed phase, if the new passkey device lost , how to recover the identity ?

For now, you should add two passkeys or link a Google account to your 2.0 identity.

However, if it’s an identity from 1.0 that has a seed phrase. We will add support for seed phrases in the future. We don’t have a date yet, but it’s one of our top priorities.

That’s what I thought, thanks