This authentication issue is likely caused by having multiple passkeys saved across different domains. You can verify this in your Internet Identity dashboard, where you might see a message like this:
Some of your passkeys may be outdated, and safely cleaning them up can improve your sign-in experience.
For example, the screenshot below shows passkeys registered on three different domains: identity.ic0.app, identity.internetcomputer.org, and id.ai.
Why this is an issue in II 1.0
Due to browser API limitations, Internet Identity can only search for a passkey on a single domain at a time. If you have passkeys on multiple domains, II will guess which one to try first (based on recently used). If the passkey for that domain isn’t on your current device, the sign-in will fail, forcing you to try again (blue message shown in @wpb’s screenshot).
How II 2.0 solves this
This is no longer an issue in II 2.0, which consolidates all passkeys under a single domain: id.ai.
How to clean up your passkeys
Consolidating your passkeys to a single domain will resolve the sign-in issues on II 1.0
!! IMPORTANT !!: Before you begin, ensure you have set-up a seed phrase as backup method and that you’ve verified you’re actually able to recover using this seed phrase!.
Follow the instructions that match your usage:
If you use II 2.0 (on id.ai)
- Go to the II 1.0 dashboard
- Keep only the passkeys associated with the
id.aidomain. - Remove all passkeys from other domains (like
identity.ic0.app). - Going forward, it’s recommended to add any new passkeys through the II 2.0 dashboard.
Your id.ai passkey(s) will work for both II 1.0 and II 2.0.
If you only use II 1.0
- Go to the II 1.0 dashboard
- Keep only the passkeys associated with the
identity.ic0.appdomain. - Remove all passkeys from other domains (like
identity.internetcomputer.org).
Your identity.ic0.app passkey(s) will work across all II 1.0 domains.
In summary
Once everything has been updated to II 2.0 and II 1.0 has been phased out, the issue should no longer be present. Meanwhile you can manually cleanup your passkeys to resolve the issue as mentioned above.
This issue affects users that use both identity.ic0.app and identity.internetcomputer.org with the same identity by manually adding a passkey for each domain. This is no longer needed since passkeys can be used across domains since a while back.