Internet Identity Lack Of Security

I am really curious if given the amount of dispute around mnemonics whether dfinity can access directly or indirectly the mnemonic seeds? I just see this as a bit of a potential security lapse if that is the case.

Hi, I wanted to start a topic Enhance security on but found this one and as it would be duplicated will just comment here.

Motivation: Users are supposed to properly secure their auth devices but at the same time are supposed to use them several times per day to access dApps, which are mutually exclusive requirements.

  1. I agree with
  • This will allow owner of the Anchor to secure the passphrase and eventually use it as last resort recovery

  1. I shared idea for had/dp type of device (hidden authorisation device/decreasing priority), but similar functionality seems covered by below proposal
  • Planned propsal:
  • Note: this might seem to provide similar protection as hardening of seed-phrase change, but it’s actually more secure:
    • passphrase can be copied or memorised during the securing process and then misused
    • had/dp device(s) could be secured on different places (different banks safes) making it’s unauthorised access nearly impossible

  1. Another convenient functionality would be to implement in Internet Identity option for 2FA setup

I just would like to mention that dApps in this blockchain might be targeted by bots. Thoses bots would flood the website/App and lead to useless loss of cycles from Dev.

So we might want to be sure bots cant log in that easily, and for this scenario a mix with people´s party could be required.

1 Like

Thank you, that is a great point.
And sure, enabling of the 2FA could be for example allowed only for Anchors which passed People Party…?

I think that the security of communication on the Internet is an unsolvable issue. In fact, many sites in the world depend on servers that host their information. Cloud storage is not safe either.

The security of communication over the internet is
raison d’etre for the Internet Computer. I.e. IC IS SOLVING for this exactly. Please see Inside the Internet Computer | Certified Variables - YouTube for the how.


At ppl party you have to go to a location, and return to it during the ppl party. it is pixelated and no one can see who you are, during the ppl party.

Once you have completed the ppl party, Why dont we create the option to save the location as a sort of seedphrase replica or add it as “option 2 secret phrase” so to say.

to have a device return to the location in order establish it as High priority device, in case someone else is currently trying to get hold of your account, returning to the location with a device could lock it as mother of devices for a short time so you can regain control of and kick out devices from your internet identity that dont belong to you.

At the same time, it should be made much harder to remove accounts from your Internet identity, at least you should need a seed phrase or a 2fa verification before being able to remove devices.

I have no IT background and no idea if this is a good idea :smiley:

a problem, if you moved far away from the location, it could be a hassle in case you need to act quickly, but if it is a neuron staked account, it should be a decent option. to regain control of your neuron at least.


What if you lose your seed phrase and can’t recover it? Then there should be some kind of “Forgot my password” way of generating a new seed phrase. I understand that one should save their seed phrase to a secure place and never lose it. But accidents happen and the higher the adoption the more non-technical people will come to the IC. Many of these people will eventually lose their seed phrase. Should they lose therefor their access to staked neurons?

On the other hand it’s a security risk to be able to change one’s seedphrase without entering it. Tough to balance

1 Like

How have people done since the beginning with the seedphrase of their Ledger Hardwallet in which they have Bitcoins, Ethers, etc. ?

1 Like

I think the IC aims for a much larger audience than the number of BTC and ETH users. Most of whom use something like Coinbase or Binance to begin with, where you don’t have to deal with seed phrases.

1 Like

I sincerely agree with you ! But we are not talking about the same thing : I was not giving this solution as a definitive solution, but just as a temporary solution that it would be simple and quick to set until we find a more satisfying solution, this again until we find THE solution.


Alright, that makes sense. We probably agree more than it seemed like from the first few interactions. I’m really curious how “THE” solution will look like. Dfinity have some of the greatest minds working there, I’m sure they’ll figure something out.


Also note for the

=> purpose of hidden is improved protection - even if account is compromised (one of devices stolen) or there is a physical attack (happens for BTC), the attacker won’t be able to request all devices as he/she won’t ever see them - never will be sure that got all, which might discourage a major number of possible thiefs.


Very good idea ! Is it already set ?

1 Like

hi, there is a monthly working group meeting on Internet Identity and Authentication: Working Group: Identity & Authentication Come and join us. FYI @frederikrothenberger