The problem has been identified and a fix will be in next Monday’s release after which you should be able to go through the upgrade with a recovery passkey.
Thank you, this upgrade is much faster than I expected.
Can it be refused, or is the UX forcing the upgrade no matter what after January 26?
After 26th, you’ll only see the new interface and be required to upgrade before you’re able to authenticate with dapps again.
This is actually very bad. Lets say i have 3 II 2.0 and now i have to somehow get my army of II 1,0 into 2.0. Honestly im not sure if i can. II 2.0 supports 5 subaccounts i think.
Why cant we just keep using our II 1.0, why we forced to migrate and so fast, makes no sence to me.
1 Like
Users have no right to choose, this is the spirit of Dfinity DAO, you should already know that.
1 Like
NNS also?
What about old passkeys made on ic0 dashboard?
Now I can’t manage them on the id.ai domain, even though they are visible. Will they be automatically deleted?
Yes.
No, access methods (passkeys and linked accounts e.g. Google) will always need to be removed/unlinked by the user’s themselves.
There’s a risk that users might accidentally remove old passkeys and are thus are no longer able re-upgrade when they lose access to their new passkeys. To avoid this risk, the old passkeys are temporarily disabled in the interface.
We’ll re-enable the removal of these passkeys in the interface when additional UX guard rails have been implemented that should mitigate the risk of accidental removal. These UX improvements should also more clearly indicate if a passkey can be used to authenticate or if it’s a old one that can only be used to re-upgrade.
For now, we’re doubling the maximum number of passkeys from 8 to 16 to make sure that users can add passkeys for all their devices in id.ai.
机翻 · 通用领域
I am using WINDOWS HELLO, and during the upgrade process, it not only requires me to input the automatically displayed II number in 1.0, but also loses the login method of WINDOWS HELLO. If there is no seed phrase, this asset will be lost?
Maybe once people start noticing after the upgrade that they pointlessy re-entered their old Anchor number as the Identity name, they’ll finally allow changing it. Especially since it’s only visible to the user, doesn’t need to be unique, and shouldn’t cause any issues.
I’m just at this point now but it doesn’t make any sense to the UX.
1 Like
You can still log in with old one and add seed phrase.
Okay @ajismyid and @ohsalmeron,
I know how to change the name in II 2.0. You simply upgrade the legacy identity again by adding an additional passkey, and then you’ll have the option to assign a new Identity name 
1 Like
When will I be able to delete old passkeys made in II 1.0 dashboard? Now they appear gray, but I can’t delete them; they just take up space unnecessarily!
if you can’t do it from level 2.0, you shouldn’t have disabled the ii.1.0 website until then. Identity.internetcomputer.org was still working, where we could do it, but I didn’t know it would be disabled so quick. At this point the old paskeys probably have no use anymore?
…And “recovery key” is most useless now, i suppose.
1 Like
HELLOU??? ! How nice that someone is still listening here.
My apologies, missed this message. Removing legacy passkeys is planned to be in the next II release, I’ll make a forum post to announce it’s availability after an upgrade proposal with this feature has been adopted and executed.
2 Likes
get error to upgrade id
Unexpected error
NotAllowedError
1 Like
Hi DFINITY team,
I’m unable to upgrade my legacy Internet Identity to 2.0 (passkeys). Two errors:
-
On NNS (nns.ic0.app) or id.ai > upgrade your identity: “unexpected error/NotAllowedError” right after entering my Internet Identity number – process doesn’t continue.
-
On id . ai/legacy, when I enter my number I have this error: Error: Failed to authenticate using passkey: Unknown error: NotAllowedError User-agent: “Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/145.0.0.0 Safari/537.36” is platform auth available: true
Thanks in advance for your help!
1 Like
Likely a password manager browser extension is installed that’s incompatible with cross domains passkeys (on desktop). I’d recommend using the passkey manager app on a iOS/Android device and upgrade from there. After the upgrade, the passkey manager will likely also work again on desktop devices.
1 Like
Thank you for your quick response.
I appreciate the suggestion about password manager extensions causing cross-domain passkey issues on desktop. However, I’ve already tried the upgrade on multiple devices and browsers, and the problem persists everywhere:
• My passkey is registered on iOS (via iCloud Keychain / Apple Passwords), but when I try to use it for the legacy upgrade on id. ai/legacy or during the NNS flow, I still get the same NotAllowedError or unexpected error.
• I’ve tested on:
• My main Mac (M2) with Chrome, Brave, Safari, and Firefox.
• My iPhone 17 where the passkey is synced.
• A completely clean Windows PC with no passkeys installed at all, no password manager extensions, and a fresh browser and still the exact same “Failed to authenticate using passkey: Unknown error: NotAllowedError” message appears after entering my number.
• No incompatible extensions like Dashlane or NordPass are installed (I’ve double-checked and even used incognito/private mode with extensions disabled).
This is really concerning for me because I have a significant amount of ICP staked in NNS, and it feels like my old Internet Identity number might no longer be recognized as valid during the migration process. The upgrade flow doesn’t complete at all, blocking access to my funds… and I’d like to stake more ICP.
Thanks in advance for your help. I’m quite worried about losing access to my staked ICP.
Best regards
Update:
We’ve found an issue with the new frontend II canister that appears to be breaking the upgrade flow, we’ll post here once we’ve any updates.
Your legacy passkeys are unaffected, you should be able to upgrade once the issue is resolved.
5 Likes