Passkey login on nns.ic0.app — too permissive for ICP transactions?

Hey everyone,

Just wanted to share a concern about the current login and transaction flow on [nns.ic0.app]

Right now, when you log in with a passkey (e.g., Face ID or Touch ID), you’re instantly connected — which is great. But after that, you can send ICP or manage neurons with a single click, no additional confirmation required (no Face ID, no fingerprint, nothing).

Isn’t that a bit risky?

If the browser or a tab is compromised, an attacker could potentially trigger transactions without the user noticing — since the session is active and there’s no re-auth step for sensitive actions.

Wouldn’t it make sense to require biometric confirmation or some form of strong auth per transaction, similar to how Apple Pay or banking apps work?

Thanks!

Hi, I would like to up this message

The NNS dapp is designed to be easy to use for most of the users, yet provide the security features that advanced users need.

I’d strongly suggest that you invest in a hardware wallet and configure the NNS dapp to use one for your most precious accounts.

I think use passkey to validite transaction is very easy. Also, this feature could be enabled or disabled.

I don’t think it’s hard to use Face ID or fingerprint when I use Apple Pay. I think that use a ledger nano is less easy.

Face ID or fingerprint confirmation activation for nns transaction would be a good implementation.

UP… Again… This is so important. Why nobody care ?

I concur… I find this strange… I’ve noticed you can also remain logged in on sites like ICPSWAP with II… come back the following day and trade…

It doesn’t feel like that much to tweak it as suggested. Suggesting LEDGER for every user as security when they want everyone to know it’s safer than big tech is crazy…

There’s no debate here — this is a critical security flaw that exposes users to unnecessary risks. By not requiring re-authentication for transactions, the NNS dApp effectively bypasses the core principle of continuous verification.

Consider these potential consequences:

• Session Hijacking: A compromised browser or tab could allow an attacker to initiate transfers or neuron management without any barriers.

• Malicious Extensions: Just one rogue extension could silently trigger irreversible ICP transactions while you’re logged in.

• Physical Access Exploits: If you step away from an unlocked device, anyone could drain your assets in seconds.

That should be number 1 priority in roadmap.

suggesting users “invest in a hardware wallet” like Ledger. This is almost laughable when you consider that a core part of Internet Computer’s marketing touts the elimination of such cumbersome, external solutions - promising a seamless, self-contained ecosystem

does’nt icp has been designed to transcend friction and complexity ?

Please allow user to use passkey, biometric, password or anything for transactions

Perhaps this could integrate a user option, similar to 2FA on popular financial applications. Let the user choose whether they want to enforce a further step prior to transaction throughput, and tie it to the same mechanism used to add new devices to internet identities

up…. ! ! ! Do you consider to protect users from compromised browser ?

I agree. Can we have someone look at this? I don’t like this, I noticed on an ICP wallet there was no auth when sending money after initial log in. I need that.

Agree. It can all be done if a good proposal is made. I would vote for it.

UP ! I would like to feel safe when I connect to NNS please.