Is a new wallet created on every dapp I log into using Internet Identity?

I am relatively new to the ICP ecosystem, but have been using crypto wallets for a couple of years now and am pretty comfortable with how they work on other chains. I’m confused by how the II wallet works in relation to ICP (sending/receiving) and NFTs.

When I log into, it doesn’t show me anything related to my ICP balance or anything else in the wallet attached to that II. When I go to, there is a button that says “ICP Wallet”, and when I log in, it shows me an ICP balance along with other information related to governance/canisters/etc.

Based on my prior usage/knowledge of crypto wallets, I assumed the ICP shown to me when I logged into using my II would also be able to be used when logging into an NFT web site like Yumi, or a wallet like Stoic. But, when I log into those sites, it looks like they create an entirely new principle id and wallet based on my II? Will any new dapps that I log into with II create a new wallet that I’ll have to transfer ICP into in order to make a purchase? Is this how it is supposed to function?

It seems a little counterintuitive to how other ecosystems and crypto wallets work. Not that it’s a bad thing, it’s just a bit confusing to someone who has been using other wallets on other chains for a while. I assumed every site/dapp that I signed into using II would all use one wallet that was tied to my II.



« Internet Identity is a gateway to applications on the Internet Computer. When you use Internet Identity, websites cannot collect and share information about your online activity. This is because Internet Identity helps you create and manage anonymous, independent accounts for every website so that you get the privacy of having many different accounts without the burden of managing them. »

« Internet Identity uses a different principal (a “pseudonym”) for each dapp that you authenticate to using Internet Identity. Since the pseudonyms Internet Identity generates for you are different for each dapp, dapps cannot use them to track you outside of their realm »

« Internet Identity will give the user a different identity for every canister front end that they log into, which is great for security and privacy. If it were not so, Internet Identity would allow every front end to log in under the user’s single principal. If that user interacts with unrelated services — for example, a message board and a shopping site — these could behind the back correlate the user’s behavior on these sites. And even worse, the front end of the message board could maliciously call the canisters of the shopping site and make orders in the user’s name. Therefore, the Internet Identity service generates a different identity for every front end that the user logs into, with the front ends differentiated by their hostname. This way, a user’s actions on different services are not so easily tracked. While the front end is still able to call any canister on the Internet Computer using the user’s identity, it is only ever the identity that is associated with the front end performing the calls ».

« Dapps that integrate with Internet Identity prompt the user to authenticate using an identity anchor. If the user doesn’t have an identity anchor yet, it is easy to create one and add authentication methods to it. For more details, see How to use Internet Identity. For each device added, a pair of cryptographic keys (private and public key) is generated. The public key is stored on the Internet Computer blockchain, while the private key remains locked inside the authentication device together with any biometric data that governs access to it. Adding multiple authentication devices to an identity anchor allows the user to access dapps across all of their devices.

When a user accesses a dapp that uses Internet Identity for authentication, they first specify the identity anchor they want to use. After authenticating using an identity anchor using an assigned device, their browser connects to Internet Identity and generates a session key for use with that dapp. Finally, the user is asked to authorize access to the dapp.

The user’s browser downloads the authorization and then redirects the user to the dapp. The dapp verifies the authorization from Internet Identity and grants the user access as an application-specific anonymous identity called a pseudonym. Internally, users have a different pseudonym for each dapp, but a pseudonym for any single dapp is the same across all of the user’s devices. All devices of a particular user simple represent different methods they can use to authenticate their Internet Identity anchor. »

I give you some links to read more about this marvel, but as you can see it is mainly for your privacy :


Hey Roman, thank you very much for the detailed post and links! It definitely makes sense from a privacy standpoint. It’s nice to know I can use standard wallets across dapps, or use II if I want to maintain privacy. Thanks again.

1 Like

You’re welcome James. And welcome on board !

Hey Thanks for your post. I have some related question that maybe you might know the answer. Is there a way to Use the Internet Identity Authentication to log in into web2 services? i mean, i am creating a chrome extension, which as far as i understand the whole code has to be hosted in chrome’s directory and run locally in every machine is installed. i would like to Authenticate with this extension using internet identity. is that possible?

I am having the same exact issue except I sent 37 ICP to the account that was generated when I logged into “IC scan”, which I’ve noticed many people in the ecosystem still use, but they have not said anything on social media in a year and their discord is gone.

Sorry, I’m new… but I sent tokens to one of my addresses but now I’m trying to figure out how to access that address to send the tokens back out. I can literally find nobody else to help me in the entire ICP community.

One person in the “ICP Devs” discord told me this :

“It depends on the token, but ICP supports account addresses that are a combination of a principal + a 32 byte subaccount if you know the subaccount or how it was derived you should be able to recover…”

but then he stopped responding to me. Any ideas on how to access ones sub accounts? I remember back in the day with MyEtherWallet you used to be able to access all sub accounts controlled by one private key. Is there nothing similar for ICP? I’m new to ICP :cry: trying recover

Any idea on how to get tokens out of an account that’s not a wallet front end?

I assumed the one that was generated when I logged into the IC scan frontend was my wallet address.

But if I still own this account, there should be a way for me to still send from the account?