I think the security problem of the Internet Identity solution should be given top priority. It can’t be delayed anymore. Otherwise a lot of people won’t take the risk of using their Internet Identity with authentication devices other than a YubiKey or Ledger FIDO (U2F) on desktop, won’t have the patience to create another Internet Identity without a neuron and staked ICP in order to use it with other devices that are more practical for using dapps fluidly, and won’t have the patience to connect their YubiKey or Ledger just to use a social dapp, which is eventually very bad for mass adoption, because having to connect one’s YubiKey to a desktop before interacting with Facebook would be nonsense. For example, I can’t use any app on my iPhone, because I don’t want to risk my Internet Identity being hacked and losing my staked neuron, so I would like to connect to distrikt etc. often, but I rarely do, because it takes a lot of steps to do this…
Everybody should demand that the Internet Identity seed phrase cannot be removed or changed without first entering the seed phrase. This risk of seeing one’s Internet Identity and its associated staked neuron lost forever is insufferable. No whale wants to take such a risk! It has to be corrected ASAP. I have already talked about this several times, but no one among @Dfinity or the devs seems preoccupied by this eminent lack of security, whereas users are! Without this, again, no mass adoption.
If we had to enter the seed phrase before removing it, we could still be hacked and have our Internet Identity and then our neuron stolen for a while, but not forever! So if our ICP are staked, we don’t even lose anything, because we just have to enter our seed phrase and remove the device that the attacker would have installed since the theft. But if the attacker can remove our seed phrase, because he is not asked for our seed phrase before being able to remove it, and after this just has to create a new one, our neuron and more generally our Internet Identity is lost forever!
People with large amounts of ICP are terrified of being robbed like this forever, so make the seed phrase non-removable without first entering the seed phrase, like Google, Apple and any company do for accounts. It is nonsense that we can remove a seed phrase so easily and create a new one just after; it is a nightmare for anyone, above all for big investors, who consequently remain investors but not users, because they are too scared to take the risk of connecting to apps with a phone.
But even without speaking about investment, as long as people can’t be reassured about the possibility of taking back control of their identity, because their seed phrase is not removable so easily, a lot of people won’t take the risk of developing a full identity which can be stolen in one second forever.
So people, let’s talk about this, and make the seed phrase non-removable without first having to enter it, to defend the large amount of ICP staked and to allow people to take back control sooner or later.
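
The lockout argued in this post, as an added example that is not part of the original post and not Internet Identity's code: a simplified model that replays the same takeover with and without the rule that only the seed phrase can authorize its own removal. The `Anchor` class, the credential names and `owner_recovers` are hypothetical.

```python
# Added illustration: a simplified model of an identity anchor.
# This is NOT the Internet Identity canister API; all names are hypothetical.

class Anchor:
    def __init__(self, protect_recovery):
        self.protect_recovery = protect_recovery  # proposed rule on/off
        self.credentials = {}                     # name -> "device" | "recovery"

    def add(self, caller, name, kind):
        # The first credential bootstraps the anchor; afterwards only a
        # credential already registered may add another one.
        if self.credentials and caller not in self.credentials:
            raise PermissionError("caller is not registered on this anchor")
        if kind == "recovery" and "recovery" in self.credentials.values():
            raise PermissionError("a recovery phrase is already set")
        self.credentials[name] = kind

    def remove(self, caller, name):
        if caller not in self.credentials:
            raise PermissionError("caller is not registered on this anchor")
        # Proposed rule: only the recovery phrase itself may authorize its removal.
        if (self.protect_recovery and self.credentials[name] == "recovery"
                and caller != name):
            raise PermissionError("recovery phrase must authorize its own removal")
        del self.credentials[name]


def owner_recovers(protect_recovery):
    """Replay the takeover from the post; True if the owner regains sole control."""
    anchor = Anchor(protect_recovery)
    anchor.add(None, "owner-phone", "device")
    anchor.add("owner-phone", "owner-seed", "recovery")
    # Constructed scenario: the phone is compromised and used to enrol a new key.
    anchor.add("owner-phone", "attacker-key", "device")
    try:
        anchor.remove("attacker-key", "owner-seed")
        anchor.add("attacker-key", "attacker-seed", "recovery")
    except PermissionError:
        pass  # blocked when the recovery phrase is protected
    anchor.remove("attacker-key", "owner-phone")
    # The owner now holds only the seed phrase and tries to evict everything else.
    try:
        for name in [n for n in anchor.credentials if n != "owner-seed"]:
            anchor.remove("owner-seed", name)
    except PermissionError:
        return False  # seed phrase no longer registered: permanent lockout
    return set(anchor.credentials) == {"owner-seed"}
```

`owner_recovers(False)` ends in permanent lockout, while `owner_recovers(True)` ends with the seed phrase as the only remaining credential.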