HOW ?? I don’t understand something here, explain to me how to log in to nns using only id.ai (?). How do I create a passkey on the id.ai website for the id0.app website, which is needed to log in to nns.. what do you suggest??
If you directly go to https://identity.ic0.app (II 1.0) on your phone and recover using the seed phrase, you should be prompted to create a new passkey on your phone which can then additionally be used to authenticate going forward.
Right now the NNS and most applications on the IC are still using II 1.0 (https://identity.ic0.app), there’s no way to sign in with an identity created on II 2.0 (https://id.ai) onto the NNS and those applications (for now).
The recommended approach for now to have an identity that works in both II 1.0 and 2.0: create an II 1.0 identity at https://identity.ic0.app and upgrade that identity to II 2.0 at https://id.ai
Yeah, i know this. You first said
and that was confusing. What does it mean that “id.ai passkey work for II 1.0 “ .. (?)
Currently just use II1.0, II2.0 only use for caffeine
I meant that:
- Create an II 1.0 identity, it’ll have passkey A
- Upgrade it to II 2.0, it’ll additionally have passkey B
- Sign into II 1.0 and remove passkey A
- You’ll still be able to sign into II 1.0 with passkey B (besides II 2.0)
The other way around:
- Create an II 1.0 identity, it’ll have passkey A
- Upgrade it to II 2.0, it’ll additionally have passkey B
- Sign into II 1.0 and remove passkey B
- You’ll still be able to sign into II 2.0 by upgrading again with passkey A (besides II 1.0)
TL;DR
As long as you have access to a passkey created in either II 1.0 or 2.0, you’ll be able to access II 1.0 and 2.0
1 Like
WHERE .. On which site? (identtity.ic0.app or identity.internetcomputer. org) ?
Both, there are two domains for II 1.0 and one domain for II 2.0.
So you’re saying that having only passkey B (ii 2.0 aka id.ai), and no other passkeys, I can freely log in to the ii.1.0 ic0.app identity page (and for example perform all management). … That’s REALLY very interesting… but I’d rather not check it. Record a video tutorial and show how you do it.
Okay, you’re probably right… but if so, why isn’t it possible to manage the recovery key and recovery passphrase from id.ai level? Is it because it’s too dangerous since you can log in using Google Password Manager (which is probably the most vulnerable to hacking). Is that the reason?
hate hate hate hate hate hate hate hate 2.0!!!
Recovery phrase usage and management is currently being implemented in II 2.0, expect it to become available in the coming week(s).
Not really sure what to do with this feedback 
If you have any constructive feedback, feel free to share it.
4 Likes
At certain resolutions (or really certain app dimensions) The app (login screen) “jiggles around” because the scroll bars constantly disappear and reappear for no reason:
you can recreate this bug by dragging the size of the screen with dev tools open. You will see at certain screen dimension the app will start “shaking”
I was able to see this occur on both chrome and edge on desktop.
Do you have a screenshot or video of this issue you could share?
Sorry it won’t let me upload video. But I do know what the problem is.
I was able to remove the offensive behavior with the following javascript injection
document.body.style.overflow = "hidden";
So the only thing needed to fix the problem is to add that css element.
This is purely a cosmetic issue, but it will scare users away whose desktop happens to be at the same resolution as mine.
Sounds like a scrollbars issue, is this perhaps on Windows? I’ll have a look on Windows.
Edit: able to reproduce it, will look into the cause and appropriate fix.
3 Likes
I never used any USB dongle, and keep struggling to log-in. I know this topic has been discussed for a while, and apparently users concerned may need to remove some of the domains that are associated to their passkey. However, after reading plenty of forum posts, I still struggle with the practical how-to-do.
What is the “ II 1.0 dashboard ” ? The place where you manage your Internet Identity, … but how to access it, if log-in has become an issue?
Is there a good walk-through regarding how to get an ID working, e.g. once it it was used with multiple domains?
Furthermore, as a blockchain developer I wonder, is the domain id.ai now a single point of failure for the entire nns and ecosystem?
When you see this blue “Please try again” toast on the bottom of your screen (as seen in the screenshot you’ve shared), please click your identity number again, it will try again with passkeys from a different domain name.
There are 3 domain names: identity.ic0.app, identity.internetcomputer.org and id.ai. When you authenticate, the passkey browser API only allows an authentication attempt for a single domain name at a time.
So in the worst case, you’ll need to authenticate up to 3 times before it’ll use a domain name with passkeys available on your current device.
The USB dongle screen is an OS fallback behavior when it can’t find any passkeys for a given domain. This behavior differs between platforms and/or browsers.
The page you’re trying to sign into as shown in your screenshot is what we call a “dashboard”, “manage page”, “identity hub”. We’re working on more consistent naming and documentation in relation to II 2.0 for it’s functionality and pages.
In practice this issue should only appear for users that have manually registered passkeys on multiple domains.
Both II 1.0 and II 2.0 are able to authenticate across the multiple domains without the need for passkeys registered in each of them for a while.
But unfortunately, before this was the case, various users seem to have manually registered passkeys across domains to be able to use the different domains with the same identity.
Please see the following instructions here to resolve it.
Domain isolation of passkeys is a great privacy feature in browsers but this also means that the passkeys are tied to the particular domain.
It’s possible to override the DNS resolution in Chrome to make it resolve id.ai to a different location, which is what we’re doing in our e2e tests and could be used as a workaround in case of disaster recovery (loss of the id.ai domain).
We highly recommend to create a recovery phrase to be always able to regain access in all possible scenarios:
- loss of hardware that holds your (local) passkey.
- loss of account access to passkey manager (e.g. iCloud).
- loss of account access to linked account (e.g. Google).
- loss of id.ai domain (unlikely but workaround available).
We’re also working on improving the access methods overview in II 2.0 to more clearly illustrate where individual passkeys are stored, some example descriptions that will be shown:
- Stored and usable only on the Windows device it was created on.
- Stored in your apple account and synced across your apple devices.
- Kept on the YubiKey. Authenticate on supported devices via tap/insert.
3 Likes
3 Likes