Internet identity 2.0 says I cannot use that pass key during upgrade

Hi all

Internet identity 2.0 says I cannot use that pass key during upgrade.

I use ledger security key. Worked fine on 1.0

Dfinity team member on Reddit said coldly to buy another key. I don't have endless cash and already in a loss (60%!!) so don't feel like using more money.

Please either fix II 2.0 to work for ledger security key like 1.0 did or also support 1.0 on the NNS.

See "Does the Security Key app support resident keys?" in the FAQ. Unfortunately, the Ledger Security Key App does not support the necessary newer passkey standard required by II 2.0.

As mentioned on this page, the Ledger team is working on adding support for resident keys. This applies to all Ledger devices. Once they add support, this will likely also be available for existing devices.

This means you can’t use the Ledger to authenticate with apps in II 2.0, but you can still use it in the NNS to hold neurons/funds/etc (this functionality remains unchanged).

1 Like

How can I then log in to the NNS with the current Ledger? You say it will still be possible? What buttons to click?

NNS points to the new II 2.0…

You can follow the upgrade instructions here: https://identitysupport.dfinity.org/hc/en-us/articles/40243624646804-How-do-I-upgrade-from-Legacy-Identity-to-Internet-Identity-2-0

But on the second step (after entering a name), you’ll need something other than your Ledger to create the new passkey, e.g. YubiKey, Apple Passwords, Windows Hello etc.

I don't have a YubiKey.

Is Dfinity seriously suggesting to rely on centralised parties like Google and Apple to log in to the governance portal???

Passkeys are an open standard and aren’t tied to any platform. You can store them in different ways depending on what works best.

  • Apple Passwords
    Stored in your Apple account, encrypted, and synced via iCloud.

  • Google Passwords
    Stored in your Google account, encrypted, and synced via Google’s cloud.

  • Windows Hello
    Stored locally on the Windows device, hardware-backed (TPM), device-bound, no cloud sync.

  • Chrome browser profile
    Stored locally in the Chrome browser profile, tied to that profile, not synced elsewhere.

  • Third-party password managers (e.g. 1Password, Bitwarden, etc)
    Stored in the manager’s encrypted vault and synced across devices via the manager’s service (or self hosted).

  • Hardware security keys (e.g. YubiKey)
    Stored on the physical key itself, never synced or copied, usable on any compatible device when the key is plugged in or tapped.

If you want Ledger to also support the latest passkey standards, I would recommend letting them know through their support and/or social channels.

Others have previously indicated that they’re waiting for support and Ledger developers have responded that they’re working on it: "Since years you're writing that you're working on resident credentials but not progress since 2023!" (Issue #104, LedgerHQ/app-security-key, GitHub)

When adopting the latest standards, we wait for a long time to see most platforms and services support them, but we can’t wait for every single platform and service to support things.

2 Likes