Can you confirm whether a single YubiKey can be used to log in on any device? Or whether a YubiKey is tied to only authorizing login to a single device? Thank you.
Also, whether a second YubiKey registration requires a different device but then once registered can be used on any device? Or if the second YubiKey can be registered on the same device the first YubiKey was registered on?
It’s portable; your “internet identity” is stored on these keys, not the computer you’re using. The reason why you need another device for another key is because the first device has to confirm the second device in the browser; after that you should be able to hot swap. You may get away with just using multiple browsers at once; however, I don’t have multiple keys so I haven’t tested this (would require your browser to let you select which key you want to use).
Using the Ledger FIDO U2F app, which is equivalent to a YubiKey, to access internet identity (which is associated with an ICP address) is a workaround until native Ledger support is available.
Actually, I added a new device using just the lock screen on my backup Android phone, so basically just a 4-number PIN, not super safe, but at least I have a backup device. I originally created the identity on my iPhone; I will need to get a YubiKey or update my MacBook Pro.
Hardware keys are really good for day-to-day security, but for anything else you can’t beat a seed phrase. Especially for a project with a 20+ year road map, this seems like a very myopic solution. People will die, and ICPs will get lost because of this.
I take my estate planning rather seriously. My closest relatives are on the other side of the world. The best I’ve found so far for ICP is FIDO U2F on a Ledger, using the Ledger seed phrase. But that also means I need to buy and ship them a Ledger that’s completely unnecessary for anything else.
I like the fact that Dfinity takes a secure-by-default approach. Remember the early days of Ethereum when everyone just created their key pair on MyEtherWallet and got hacked or lost it so easily.
And when hardware wallet support is here, you can just use the recovery seed from that device.
It’s fine for now but a recovery process is extremely important for mainstreaming. I’m not saying passphrases or raw keys are the answer (nor possible in this case) but there could be some process of multifactor recovery in the works.
Many people don’t have second devices, and certainly not ones that are trustworthy. It’s easy to forget that for most people none of their devices are particularly secure from family or even work colleagues, and a second device, usually a computer, is commonly used by multiple people in a family.
If a recovery system involved m of n other devices working together and a time lock then that would work, also because companies could offer it as a service (they could be m factors but you could have more). At the moment backup devices are all or nothing, and a single device has permission to do anything.
The same process could also lock an account if hardware was stolen to prevent theft before recovery. This would be good even for the more techie people here. Essentially what we’re after is the core wallet software to be more like Gnosis Safe.
Is this possible with the tech, subject to some system changes of course?
So far, we haven’t heard of anyone losing their wallet to hackers, and that’s because private keys are not involved in the wallet creation. That just proves that private keys are bad for the masses. This is what the MyCrypto team have been hammering for many years.
It’s now left for everyone to keep their (newly introduced) recovery seed safe.
And if you think the seed words method is too risky, you can simply create a recovery hardware key.
To anyone in this thread that hasn’t seen the news yet:
We’ve added the ability to generate a Seed Phrase as a recovery mechanism or use an extra security key (recommended).
These recovery options will not work as authenticators for day-to-day logging in, but you can use them to add/remove other registered devices. We decided this strikes a good balance between securing users’ accounts and protecting our users from being hacked by exposing their passwords/seed phrases.
I have backed up my seed phrases; however, when I try to test the recovery function on nns.app, it says:
“Failed to recover
You do not have any recovery devices configured. Did you mean to login with one of your devices instead?”
So where can I use the seed phrases if I lost access to my wallet? What’s the recovery configuration on nns.app?