the thumb print option does not show when trying to login.
It has stopped work for II login on iOS and OSX. If I re set up the devices it works for a while then stops working again.
Very odd. In order to get more data, what browsers have you tried? In the meanwhile, we passed this thread to the II engineering team
Safari both times, I forgot to try on another browser will give that a go. Thanks!
still didn’t work with firefox
Firefox doesn’t support FaceID/TouchID, so for using web authentication in Firefox one needs a USB security key. So that is expected, and it would require a fix in Firefox.
Regarding Safari: Do you happen to clear your browser history just before it stops working? For some reason, upon deletion of the browser history, Safari (both iOS and macOS) will remove all web authentication keys as well. As with Firefox, this is beyond our control, but you should be seeing a big fat warning page when creating a new identity anchor with Safari.
2 Likes
I possibly did, but this would this not make phone print security impossible for apple hardware? That would mean they are also useless as backup devices?
I agree that it certainly degrades the user experience on those devices and I do not understand why iOS and macOS behave that way. (That behavior is documented by Apple, but without giving rationale.) Which is why we explicitly describe this behavior when registering with those devices – it is certainly something that users would not expect.
And indeed I would suggest against using an iOS/macOS device as a backup mechanism. I’d suggest using FIDO U2F on the Ledger app and/or the plain recovery phrase that II also supports.
but there is only the ability to dd a single security fob, so if that gets lost or stolen any extra devices are pointless.
I wanted to move ICP off a exchange wallet onto II, but the II seems to be more prone to becoming inaccessible.
Not quite. You can add up to 10 devices to your identity anchor, and right now (that has been criticized elsewhere and will be improved in the future) any device can add/remove any other device. So you can just add whatever number of devices you feel comfortable with to your II. You can also use two browsers on the same computer (e.g. Safari and Chrome on macOS; Chrome does not suffer from the same history-deletion behavior).
For secure management of ICP tokens, I’d anyway suggesting to use a hardware wallet – at least for non-trivial amounts.
Sorry I seem to be missing something, if I have to add the same security fob for each device then I only have one security device the security fob?
I’ve just tried chrome on osx and my thumb print will not work there either
A “device,” from a technical perspective, corresponds to a public key. When you use TouchID/FaceID, then that public key is associated with a private key in your computer’s/phone’s secure enclave. (Each of your devices will have a different key.) If you use a Yubikey or similar (which you may be referring to by “security fob”), then the private key is held on that USB device and the same Yubikey will work across multiple computers/phones (and browsers) – there is no need to add each such computer/phone individually.
Not sure why TouchID with Chrome isn’t working for you. Are you using the latest OS/browser?
The problem is that you need to use the same yubi key across all devices, so if you loose that key the extra devices are pointless. For them to be used as backup devices you need more than one way to login.
Maybe concerns over security have taken priority over concerns about users loosing access. But losing access is a much more likely scenario for most people.
Os is OSX11.1 and chrome is up to date.