Internet Identity is slowing IC adoption

Internet Identity is not a must to use except for NNS . And i prefer to leave it that way for maximum security.

Some of the dapps are not using II . They are using wallets like plug and stoic . And you do not need II to create plug or stoic.

1 Like

Internet Identity is not a must to use except for NNS.

Not true at all, almost all dApps outside of the NFT/DeFi space use II: DSCVR, Distrikt, Dsocial, etc…

And i prefer to leave it that way for maximum security.

You can always create multiple ancors for multiple use cases and how is a wallet like plug more secure than II? Besides in my opinion if we want to have widespread adoption the web 3 space must move away from wallet based authentication, its too complex for the average user, II if improved would be much better and safer as it resembles what users are already used to.

5 Likes

Internet Identity is not a must to use except for NNS.

Developer can choose not to implement II as a login option…

2 Likes

True but that doesn’t they won’t or they shouldn’t, as I said most dApps in the social space are already using it and rightfully so, why make your own system, which you have to implement and maintain when professional coders at Dfinity have already released a functioning one?

Just cause they theoretically have the option it doesn’t mean we can’t advocate for II to be improved, all the points I mentioned would make the NNS experience better too.

3 Likes

Internet Identity is a true novelty and SHOULD be used everywhere. Have to find ways how to make it maximum security but also approachable for people.

You don’t need a biometric scan nor a hardware wallet. A phone works just as fine. But if you have, you can have 2 access points + the seed phrase. Personally, I find it very convenient to use and it is the simplest way to onboard people to crypto. It is native with browsers and entirely on-chain.

2 Likes

There are many ways how to improve the II even further. It is not complete. I believe adding a scalable way to translate the critical stuff could help out. Here’s a proposal discussion for this:

Some things you mentioned here (OTP/QR code, granular control and admin level) are definitely on the roadmap, we just haven’t gotten to it yet. :pensive:

For “Pseudonyms for Anchors”, I think that’s a great idea! How would that work exactly? Are you thinking of e.g. generating a pair of words based on the anchor number for instance? Having user-specified pseudonyms will be a bit tricky to implement.

Finally regarding browser compatibility, can you clarify what the issue is?

I think this isn’t such a bad thing, at least for now. The IC ecosystem is very young, and it’s really good to have all those different players! One thing that would be absolutely great is to have say a base authentication mechanism like II, but with pluggable 3rd party features; but maybe I’m dreaming a little…

3 Likes

we just haven’t gotten to it yet

Good to know, I’m really looking forward to see them implemented.

How would that work exactly?

Ideally we should be able to choose a unique keyword, similar to a nickname or email.

browser compatibility

Not sure if anything has changed recently but at least on mobile II login is only supported with Chrome. So for example when using Distrikt’s app I have to switch default browser everytime the session expires.

The NNS and Internet Identities should be easy enough for the very elderly and tech illiterate people should be able to use it. I don’t think we’re at that point.

5 Likes

This can’t be understated enough. If ICP could fulfill on delivering to “this kind of userbase” it would certainly set a new precedent, reflecting on what ICP is already capable of, while at the same time raising the bar for what could be expected when using the internet.

1 Like

Likely there are some things that could be done to leverage the power of II with ZKPs.

Also, it would be nice if we could reduce logging into one or two steps process.

Ok, I’m guessing you mean on Android? Will try to reproduce this, thanks for bringing this up

@frederikrothenberger is implementing this right now! should be live next week

2 Likes

Hi @Zane

Regarding the Android & II Login problems: It seems not to be as clear cut. Firefox does work as well (at least on my Android 12 device). However, WebViews embedded in apps (which is what Distrikt uses for login) seem to behave differently than the full browser apps regarding WebAuthn. The Firefox WebView currently does indeed not work (on my phone at least). Thanks for pointing this out. I have added this bug to our backlog.

Could you post the versions & device that you are using and also which browser you normally use.

In the long term, we probably want to address this issue by switching to a redirect base protocol, which should hopefully fix most the UX and compatibility problems regarding WebViews.

3 Likes

So I ran across some issues on the Internet identity on the week end. I had previously added two apple devices using a security key, I decided I wanted to use my thumb print instead so set them up again to use that. This worked for a while but after a computer restart the thumb print option was totally missing from both devices and it was asking for my security which was not with me at the time.

To resolve this I had to totally remove the devices and set them up again. In doing so I noticed several issues with the internet identity user flow.

One biggie is there is no link to the internet identity app when you try to log into the NNS app, you have the app specific login screen. On the screen the full army of options is missing. But the screen makes it look the same as being on the full internet identity app. This would be very very confusing for new and novice users.

Also when on the full app certain important options don’t appear unless you are in a certain state, so for example I had to remove my identity anchor before it would give me some options. This again is confusing to new and novice users.

I would suggest that when you login to app using the internet identity that the should be a link to the identity app in case you run into login issues. In the identity app all potential options should always be shown to the user always knows the full range of options available. If an option would not work due to the current user star then grey it out but don’t remove it.

One other thing is we need to be able to have more than one security key back up, this allows users to have them in different locations in the event that one is lost.

Hey thanks for the great feedback!

Can you clarify this? What do you mean by “no link to the II app”?

I have never seen this put into words but you’re completely right, and this has been annoying me for quite some time now. We (@frederikrothenberger) are actually working on an improve authentication flow when you come from another app; it’ll then actually look like a different screen! I for one can’t wait for this to land.

You mean physical key fob? You can add more devices as “regular” devices, wouldn’t that work?

1 Like

Thanks for taking a look!

So to clarify when you use the identity to login when on the NNS app, it takes you to the NNS app.That is logical
When you log directly into the Identity.ico.app it takes you to anchor management.

There is no way to get to anchor management if you login to the NNS app but because the identity app pages look the same this is very confusing.

Ideally from a user perspective all options would be available to you however you access the internet identity.

If I add a new device I cant add a new fob for it, so must use the existing one, which is no help if I loose the fob. So the extra device is pointless in that case.

After setting up thumb print again on my iPhone, it is now asking me to use my security key to login. This is concerning because if I loose the only security key associated with my account I will be locked out.

1 Like

I have a Samsung S8 running Android 9, my default browser is Brave, iirc II didn’t work with it until a few months ago, but I recently tried and it’s as you say, WebView is broken, but the browser itself works.

I’ve also read about some compatibility issues on Apple devices but I guess there is nothing you can do about them and it’s good old Apple poorly implementing standards as usual.

Yes I agree that IC adoption is hampered by it, but not because of II technology itself but the fact that majority of IC apps are relying on it solely. Maybe DFINITY documentation should recommend a secondary login method at minimum for people less concerned with their security.

Even II itself could be upgraded to include software based authentication as long as the concept of admin devices is introduced along with it or it’s possible to make it opt-in only.

2 Likes