There’s sort of an overlapping issue here with the topic of Can’t recover my Internet Identity that i created in identity.ic0.app from the identity.internetcomputer.org address . If you setup a recovery phrase it would function independent of URL, but presumably (the rest of the post would be mostly irrelevant if I am wrong here) the key on a recovery device would only function on identity.ic0.app vs identity.internetcomputer.org vs some other particular domain/url.
Currently, it seems one is only allowed to have a single recovery device, so there’s no way to store a backup that would work at each of those URLs. While you can associate passkeys to the same ID from different URLs, it requires you to duplicate all your passkey devices consuming two times what should be required among the eight total allowed passkeys as well. This being the case, it seems like a solution would involve allowing at least 2 recovery devices so that you can back up the account against the multiple URLs the Internet Identity (II) host is associated with. In order to allow safe backup of accounts, it would be helpful to know if there is information regarding longer-term plans for hosting IID at identity.ic0.app vs identity.internetcomputer.org or use of any other domain for the same purpose. Unfortunately, dApp developers have, in general, been forced to make a choice using a mixture of these
leading to the confusing scenario for users where they are then sometimes able and sometimes unable to login using an IID whose collection of passkeys has been associated with one of the two (or more?) domains at which IID is exposed. While this may be acceptable for short-term passkey login, it doesn’t seem acceptable for account backup to only allow a single device forcing users to try to guess which hostname is likely to remain around the longest.
Of course, at a certain level, so long as DNS with centralized authority is being used at all, there is always a risk that a human-readable hostname is mutable relative to the underlying physical set of target endpoints.
If there is an ironed out recovery approach based on the hardware recovery device that bypasses the UI it would be great to have a pointer to its documentation.