Hi, I wanted to start a topic "Enhance security on identity.ic0.app" but found this one, and as it would be a duplicate I will just comment here.
Motivation: Users are supposed to properly secure their auth devices but at the same time are supposed to use them several times per day to access dApps, which are mutually exclusive requirements.
- I agree with
- This will allow the owner of the Anchor to secure the passphrase and eventually use it as a last-resort recovery
- I shared an idea for a had/dp type of device (hidden authorisation device/decreasing priority), but similar functionality seems covered by the proposal below
- https://twitter.com/plsak/status/1470840499779031044?s=20
- Planned proposal:
- Note: this might seem to provide similar protection as hardening of seed-phrase change, but it’s actually more secure:
- passphrase can be copied or memorised during the securing process and then misused
- had/dp device(s) could be secured in different places (different bank safes), making their unauthorised access nearly impossible
- Another convenient functionality would be to implement in Internet Identity an option for 2FA setup
- with password (simpler) or some authenticator app
- https://twitter.com/CliffJumbo2/status/1471626182324269056?s=20
- https://twitter.com/plsak/status/1471775537249112064?s=20
- https://twitter.com/plsak/status/1471779932955201538?s=20
- In the simplest scenario, an Anchor which has this activated will be able to choose (when doing auth with Internet Identity) whether to use a single method/device - unprivileged access - or 2FA - to get all privileges
- II would provide a response (with privileged status) to the originating dApp, which could then simply restrict its specific functions (NNS to move funds or start dissolving, II to remove devices etc.)
- with such a setup, even a simple password login could be used for the unprivileged access
- that could result in increased dApps usage - as for many the basic access would be easier