I am diving into the DFINITY ecosystem and working with Internet Computer (IC) and Internet Identity, but I have some questions about best practices for managing multiple dapps securely. I’ve set up Internet Identity, but as I explore different IC dapps, I’m curious about potential security implications or limitations.
Are there best practices for managing my identity across multiple dapps?
How does Internet Identity handle permissions between dapps?
Any insights on securing my seed phrase or backup phrase?
Any advice or experiences you can share would be super helpful! I’m excited to make the most out of this ecosystem, and getting a handle on security is a top priority.
I’m not a developer, but I’ve been working on securing my assets before I become wealthy with ICP. Assuming Internet Computer Identity is secure, I’m focusing on managing dApp connections. Here’s my approach:
Multiple Identities: I bought several IDs from idGeek, each with 1,000 ICP for long-term investing. These IDs have different dissolve dates to meet long-term capital gains tax requirements. They are only used on investment-related dApps.
Separate Wallets: Each dApp provides a unique wallet for each ICP ID. I use different IDs for work and personal use, ensuring separation even if using the same dApp.
Seed Phrase Management: I split seed phrases across different IDs and look forward to a secure ‘lockbox’ for storing them. This method allows me to reassemble access if needed, despite being complex.
While ICP security is solid, I use these methods to minimize risks from human error.
This two things together are tricky. If you buy an internet identity anchor then you buy the anchor’s assets and liabilities both. For example, the previous owner of the anchor could have set up some allowances that you don’t know about. That’s an example of a “liability”. You have to very careful to check that. If the anchor only holds ICP then maybe you can check on the ICP ledger that no allowances exist for the relevant principals. But then make sure you don’t use the anchor for anything else than ICP.
