Protected Recovery Phrases: Proposal to upgrade Internet Identity

Hi everyone

The long awaited protected recovery phrase feature is finally ready! This feature allows to protect recovery phrases so that they can only be removed by entering them again.

We have submitted a proposal to upgrade Internet Identity to a new release: release-2022-07-05

You can test out the new version on our staging deployment here: https://fgte5-ciaaa-aaaad-aaatq-cai.ic0.app/
To test the login flow, use the following demo application: https://ec6lp-3iaaa-aaaad-aaavq-cai.ic0.app
Note that since this is a staging deployment, you will have to create a new anchor in this environment.

A few screenshots to show the process:

  1. If you don’t have a recovery phrase: create one

  2. Enter device settings of the recovery phrase
    Screenshot 2022-07-05 at 11.06.04

  3. Select “Protect”
    Screenshot 2022-07-05 at 11.05.28

  4. Enter recovery phrase

  5. The recovery phrase is now protected! :slight_smile: Screenshot 2022-07-05 at 11.05.47

This feature is opt-in. Existing recovery phrases will still be removable by any device until protected.

Note: For security reasons, it is recommended to protect the recovery phrase. However, be sure to keep the recovery phrase safe. If it is lost, the recovery phrase cannot be removed or changed anymore!
(that’s the whole point :wink: )

This feature is a community contribution by @oleksii, @dostro and @lastmjs. Thanks a lot! :smiley:

27 Likes

This was such a great community initiative. Thank you so much to all - feeling much more secure.

1 Like

I wanted to bring up a possible improvement about how we handle recovery phrases. When you go into your anchor management it looks like this:
recovery
You see that you have a recovery phrase configured but you have no way to check if the one configured is the one you think you have configured. Of course you shouldn’t have written down the phrase alone on a piece of paper without also writing down what the phrase is for. Or did you forget that? Even if you have written it down there is an additional problem because the recovery phrase can change. Now you also have to write the date on it and when you shred a phrase you have to make sure you hold another paper with a newer date. There should be some way to identify the phrase. Could we display the first two or three words here? With 24 words our phrases are long enough to allow that kind of entropy loss. But it would be good to have some identifying information that can be displayed and is covered under the checksum.

Why do I write this in this particular thread? Because I think it becomes more pressing if we can “protect” a recovery phrase. The protect dialog looks like this:
protect
I find it scary to that if I click “protect” I’m locking in a phrase that I can never delete again, without any way to confirm that it is indeed the phrase that I think it is.

Two words contain 22 bits of information which means a 1:4 million chance that two phrases start with the same two words. With three words it is 8 billion.

1 Like

@timo

I agree, that it would be nice to have a better way to distinguish seed phrases.

However, even without that feature you don’t have to be scared of the protect button. When clicking it, you will be prompted to enter the seed phrase. The operation will only proceed if it matches the one that is actually there. So there is no risk in protecting a seed phrase that you do not know. But we should make this more clear in the UI. Thanks for pointing that out. :slight_smile:

1 Like

Lol, I obviously didn’t try it. Can’t get more confirmation than that.

1 Like