Internet Identity Lack Of Security

More security measures must be added for people who are using the NNS app.

  1. The seed must not be deleted, or if it needs to be, then the previous seed must be entered, and there should also be a time format attached to it after which it will change, like a week or 15 days' time, and it should appear in the NNS app so that the user is made aware that it will be changed after the specified time.

  2. The same should be applicable when we want to change the authorised devices. It should come with a time period attached to it. It’s very scary and concerning that someone loses all his savings due to lack of security from IC. Would be happy to see a proposal for it asap.

I don’t agree with the second point because in case someone takes your authorised device (your phone for example) and you recover your II in another device and try to delete the lost phone from your authorised devices then that would pose a problem, the malicious party would still have access to your II until the countdown is over, and could try to delete your new device or do some other damage to any other dapps you will be connected to.

Thank you for your reply. I think in this case 2FA will be more advisable, like an "Authy", Google Authenticator or YubiKey type solution, to remove or add new devices. But the seed must not be changed once it’s stuck to any Internet Identity, or the user should be notified by any means if anyone tries to change or delete it.

Thank you @coteclaude (merci!) for the summary. I am concerned about security and Internet Identity. The NNS seems to have several issues that are currently pending, leading me to these points:

  1. As far as I understand, if someone were able to access whatever method you use to authenticate (phone, Ledger, Yubi), they would be able to alter your seed phrase? So we are talking about a vector of attack that is entirely physical?

  2. As far as I have read a proposal to fix this problem is adding a recovery device when neurons are staked. With a time period so long with so many variables that could happen, it seems that this needs to be ironed out before I am comfortable adding more to a neuron.

  3. It seems that the proposal to return the ICP to the stolen neuron and back into @xiaobing’s account could have been totally preventable if the seed phrase wasn’t changeable. Is this an accurate interpretation?

Thank you, anyone, for humoring my questions, I think we all would like to see the project grow to a healthy and stable future.

Check this out! Long Term R&D: Internet Identity (proposal) - #5 by maria

I am really curious, given the amount of dispute around mnemonics, whether Dfinity can access directly or indirectly the mnemonic seeds? I just see this as a bit of a potential security lapse if that is the case.

Hi, I wanted to start a topic Enhance security on but found this one and as it would be duplicated will just comment here.

Motivation: Users are supposed to properly secure their auth devices but at the same time are supposed to use them several times per day to access dApps, which are mutually exclusive requirements.

  1. I agree with
  • This will allow owner of the Anchor to secure the passphrase and eventually use it as last resort recovery

  2. I shared an idea for a had/dp type of device (hidden authorisation device/decreasing priority), but similar functionality seems covered by the below proposal
  • Planned proposal:
  • Note: this might seem to provide similar protection as hardening of seed-phrase change, but it’s actually more secure:
    • passphrase can be copied or memorised during the securing process and then misused
    • had/dp device(s) could be secured in different places (different bank safes), making their unauthorised access nearly impossible

  3. Another convenient functionality would be to implement in Internet Identity an option for 2FA setup

I just would like to mention that dApps in this blockchain might be targeted by bots. Those bots would flood the website/app and lead to useless loss of cycles from Dev.

So we might want to be sure bots can’t log in that easily, and for this scenario a mix with People’s Party could be required.

Thank you, that is a great point.
And sure, enabling of the 2FA could be for example allowed only for Anchors which passed People Party…?

I think that the security of communication on the Internet is an unsolvable issue. In fact, many sites in the world depend on servers that host their information. Cloud storage is not safe either.

The security of communication over the internet is the raison d’être for the Internet Computer. I.e. IC IS SOLVING for this exactly. Please see Inside the Internet Computer | Certified Variables - YouTube for the how.


At ppl party you have to go to a location, and return to it during the ppl party. It is pixelated and no one can see who you are during the ppl party.

Once you have completed the ppl party, why don’t we create the option to save the location as a sort of seed phrase replica, or add it as “option 2 secret phrase” so to say?

To have a device return to the location in order to establish it as a high-priority device: in case someone else is currently trying to get hold of your account, returning to the location with a device could lock it as mother of devices for a short time, so you can regain control of and kick out devices from your Internet Identity that don’t belong to you.

At the same time, it should be made much harder to remove accounts from your Internet identity, at least you should need a seed phrase or a 2fa verification before being able to remove devices.

I have no IT background and no idea if this is a good idea :smiley:

A problem: if you moved far away from the location, it could be a hassle in case you need to act quickly, but if it is a neuron staked account, it should be a decent option to regain control of your neuron at least.


What if you lose your seed phrase and can’t recover it? Then there should be some kind of “Forgot my password” way of generating a new seed phrase. I understand that one should save their seed phrase to a secure place and never lose it. But accidents happen, and the higher the adoption, the more non-technical people will come to the IC. Many of these people will eventually lose their seed phrase. Should they therefore lose their access to staked neurons?

On the other hand, it’s a security risk to be able to change one’s seed phrase without entering it. Tough to balance.

How have people done since the beginning with the seed phrase of their Ledger hardware wallet in which they have Bitcoins, Ethers, etc.?

I think the IC aims for a much larger audience than the number of BTC and ETH users. Most of whom use something like Coinbase or Binance to begin with, where you don’t have to deal with seed phrases.

I sincerely agree with you! But we are not talking about the same thing: I was not giving this solution as a definitive solution, but just as a temporary solution that would be simple and quick to set until we find a more satisfying solution, this again until we find THE solution.


Alright, that makes sense. We probably agree more than it seemed like from the first few interactions. I’m really curious what “THE” solution will look like. Dfinity have some of the greatest minds working there, I’m sure they’ll figure something out.


Also note for the

=> The purpose of hidden is improved protection: even if the account is compromised (one of the devices stolen) or there is a physical attack (happens for BTC), the attacker won’t be able to request all devices, as he/she won’t ever see them and never will be sure that he/she got all, which might discourage a major number of possible thieves.


Very good idea! Is it already set?

Hi, there is a monthly working group meeting on Internet Identity and Authentication: Working Group: Identity & Authentication. Come and join us. FYI @frederikrothenberger