Internet Identity V2

This demo is still incomplete, but the balance of UX, information density, and branding is perfect - it’s moving in the direction I was looking for.

I’d like to express my respect for the team involved, and I’m eagerly awaiting the day v2 becomes production-ready!

I hope the original numeric login method can be retained, while adding more and better login options on top of it. After years of development and accumulation with II, I’ve already gotten used to logging in with numbers — it’s extremely secure and convenient. I sincerely hope the numeric login method will not be removed.

4 Likes

Can’t agree more, hoping keep ii and add other options, because Google is forbidden in some countries such as China, and it may loss some users

1 Like

When migrating existing II accounts, wouldn’t it be natural to keep the original account numbers as the default settings? Users should have the option to either modify them as needed or leave them unchanged.

Only the public key and delegations would be shared with external applications, so account names shouldn’t be exposed.

3 Likes

Congrats to the team, I am quite interested on the “Sign in with Google” feature. Please can you share any docs, github and the link of June 25th in the next GRD meeting? Thanks!

How about allowing the user to retrieve their keys so their not being held by the subnet? Often times I can’t log into the NNS because of some subnet error or maintenance, I think Internet Identity should evolve to something greater than it was originally planned.

Has anyone wondered who’s paying the cycles in the long run, is truly decentralized?

You dont need to use Google. Login via passkey.

Internet Identity is open source, you can find the code here, the spec that includes the OpenID Connect endpoints is here.

1 Like

Google is entirely optional, and we can relatively easily add other OpenID Connect Providers. Whether we add additional ones (and which ones) is still to be determined - are you aware of any OIDC providers that would work in China? (It has to be OIDC specifically, OAuth will not work)

Anonymity will not be compromised. Identity names are only ever displayed to you and never passed to any third party. You are also of course free to give a migrated Identity the same numeric name as before. (FYI, even on II v1 your Identity number is never passed to a dApp. All they ever see from you is a Principal.)

1 Like

This is why we like ii anchor: anonymity and security. My usual practice is to use Safari’s incognito mode. The browser won’t remember my anchor, so even if someone picks up my phone, they won’t know my anchor number and won’t be able to threaten my assets. The design of anchor can provide the greatest protection for our assets. This is what I think is the coolest part of ii anchor. I know you are updating ii v2 and will add new features. I think it’s possible to add new features while maintaining the functions of v1 ii. If users don’t like anchor, they can use other methods. But in any case, I hope ii anchor can be retained. Also, the anchor + mnemonic phrase method is the best way to store it, just like the private keys of BTC and ETH. This also aligns with the spirit of virtual currency web3.

7 Likes

I don’t know of any good OIDC methods in China. Of course, I know that twenty years ago, there was a Tencent product called QQ. It started with 6 digits number and has now reached 11 digits. It was a very popular product. The anchor design was also similar to this. Therefore, it is recommended to retain the functions of version ii v1. Thank you.

1 Like

Hey team

Just a couple of question re removal of identity anchors. How are these solved please. Thanks for your response in advance.

  1. If i am held at gunpoint by lets say GUNMAN and gunman wants access to my oisy wallet funds. Now since there will be no identity anchors i.e I will only have 1 account via passkeys on my iPhone. Then all Gunman needs to do is go to oisy and show my face to my phone and voila they ll have access to my funds. Without a layer of identity anchor numbers arnt people un-protected from such a situation.

  2. If i want to create multiple identity accounts lets say personal and business (in v1 they can be accessed by passkeys on a phone with different identity anchors) but with v2 will i be forced to keep them in the single account (even though i can create multiple accounts within the new identity v2 but they will still be accessible by the same identity/passkey combo)?

  1. With II 1.0, the list of last used identity numbers is remembered by the browser and shown as a list, basically resulting in the same FaceID scan scenario you’ve described.

    In both II 1.0 and 2.0, you can clear your browser data or use incognito mode to avoid keeping track of last used identities.

    A better alternative that doesn’t rely on - in your scenario risky - non-cooperation I’ve seen in traditional banking is a transaction limit within a given time window. This would be an interesting feature that a wallet like e.g. OISY could implement.

  2. With II 2.0, you can have both multiple identities and multiple accounts. The existing multiple identity functionality is not going away.

    With multiple accounts we hope to cover most use cases, so multiple identities will only be needed to e.g. keep a legal business entity separate from a personal identity.

Dear Dfinity Team,

I hope this message finds you well.

I would like to express a concern regarding the current security model in the Network Nervous System (NNS) and other wallets on the Internet Computer. As it stands, no authentication is required for transferring funds between accounts, which may leave users vulnerable.

If a malicious actor—such as a hacker or thief—gains access to a user’s device while they are logged into the NNS or other apps like ICS, there is currently no additional layer of authentication needed to authorize a fund transfer. This could lead to unauthorized transactions and significant losses.

To mitigate this risk, I would like to propose that Dfinity consider implementing an option for users to enable additional authentication for fund transfers. A solution like a passkey or at least a PIN, similar to what OpenChat has implemented, would provide an added layer of security and peace of mind for users.

I believe this would enhance the overall security of the platform and protect users’ assets from potential threats. I appreciate your consideration of this suggestion and look forward to hearing your thoughts on this matter.

2 Likes

If I understand correctly, these concerns are with the NNS and other wallets, not specifically with Internet Identity.

In that case, I would recommend to bring this up in it’s own dedicated forum thread instead of the current thread.

Keep in mind that if your concerns extend to wallets beyond the NNS and OISY, it would probably be better to reach out to those developers directly e.g. on their Discord channel.

1 Like

Thanks @sea-snake for your response, much appreciated.

Re the FaceID scenario. I do use incognito and end up entering my id 1.0 everytime so the FaceId risk scenario wont be applicable to this use case.

I just tried try.id.ai for 2.0 and even while using the incognito mode -

(Continue with passkey → use an existing passkey → a list of all my passkeys pops up)

it asks me to log in with passkeys and shows me a list of passkeys which does not cater to the above FaceID risk scenario.

Am i missing something here?

Thanks for clarifying re multiple identities.
If all my multiple identities can still be accessed through the passkeys registered on my phone without a layer of random identity anchor. Isnt that worrying?

Again thanks a lot for your response and apolgies if i am missing something obvious or maybe try.id.ai is not fully functioning how it is supposed to.

Cheers
Adi

1 Like

Yes that’s a fair point, with discoverable passkeys they do show up to choose from a list instead of having to enter/choose an identity number first.

As mentioned earlier in this thread, on a technical level identity numbers were never intended as a security feature.

Technically, even with passkeys created in II 1.0 you don’t need to know the identity number to authenticate due to how both the browser API has changed and passkeys were designed in the first place.

Passkeys don’t have the same security model as traditional passwords (only you know it), a seed phrase is more in line with that security model and also supported by II.

If you want to avoid relying on FaceID for you passkeys, the following options are also available:

  • Internet Identity supports a YubiKey with a pin, there’s a max allowed attempts after which the device resets
  • Use a 3rd party passkey manager that allows you to use a pin instead of FaceID

Personally, for higher value assets, I’d recommend a YubiKey over a Passkey given that the latter is stored by e.g. Apple, Google or some other passkey manager. Additionally, you can also use a ledger HW wallet to manage funds more securely.

Overall, I do think that security by non-cooperation isn’t a great security model. Instead I would recommend other solutions as I’ve mentioned above like transaction limits within a time window.

1 Like

Thanks for your response, clarification and suggestions on what can be done.

Will it still be possible to use 1.0 or will be mandated for all to use 2.0?

Thanks again!

2 Likes

I think currently, logging in with ii identity is also very secure. Throughout history, wallets logged in with II identity have never been stolen. To be honest, I quite like the login method with II number because it’s convenient. I also welcome the upgrade to IIV2. The replacement II will be safer and better. I sincerely hope that the upgrade can retain the anchor point of IIV1 because investing in equipment is very conservative. I wouldn’t say that if I put 1 million US dollars in my computer, I can give it to others at will. That’s impossible.

2 Likes