Why does Internet Identity require biometric auth?

On the devices I’ve attached to my II number, I can always choose “enter device password” instead of using my fingerprint. If it’s the case that I can always use the password to login, why even require biometric auth in the first place?

Is it needed to generate the initial public-private key pair?

If it’s the case that I can always use the password to login, why even require biometric auth in the first place?

Internet Identity doesn’t require Biometric Auth. (Your biometric data never leaves your device). It requires your device to have the equivalent of a TPM chip. It’s up to your device how to lock access to that chip, but most of the phones use the equivalent of: If this user can unlock the screen, they have enough trust to unlock the TPM chip.

If it’s the case that I can always use the password to login, why even require biometric auth in the first place?

Maybe you can already answer this question by now, but if we take the above thought a little further, we understand that the “password” you enter to unlock the TPM chip never leaves your device, the same as your biometric data would. For that reason Internet Identity couldn’t use that password to authenticate you.

Is it needed to generate the initial public-private key pair?

Your TPM chip generates the pair and never lets you or Internet Identity see the private key.

5 Likes

Put in a different way, it’s your device that authenticates you, not the IC. The Internet Computer just takes instruction from your device after authentication.

And as you know, your device allows you to unlock either with your fingerprint or PIN.

So, It sounds like a hardware wallet can do the same thing. They generate private / public keys, and they only allow access after a PIN has been entered.

Will any model of yubiKey work create an internet ID, on a laptop computer?

Yes any model will work, but they have a quiz on their website which will help you choose the right one for your hardware.

Thanks, but I have Windows 10 now, but for ease of use I may have to buy a chromebook, and re-root it to run linux. Is there a YubiKey that would work for both, or should I buy a Linux compatible one straight away?

Yubikeys are universal. Why not dual-boot your current Windows machine with say Ubuntu rather than getting a second laptop?

When I dual boot, I am confused about how my hard-drives are set up. How much space do I have? Where are my documents? Where are program files stored? I am comfortable with Windows 10, now, and this took a while, … with “OneDrive” and Quick access Libraries, etc. So, I would rather have a real machine than a virtual machine.

Also, maybe even more important, if Linux is running in a Virtual machine, on top of Windows, I fear it will cause problems talking to hardware and peripherals. Maybe this is not a realistic fear, but… I think it’s grounded. I don’t want to have any trouble printing, or scanning, or burning DVDs on an external DVD drive. Or accessing my camera, or digital microscope, or Arduino development boards. One operating system was meant to run One machine. “KISS”, Keep It Simple and Stupid.

Wondering here as well . Seems to create Internet ID you need a key via a key outside a " browser " . Tried Firefox and Chromium . Thought the system was based on WASM and WASI .
As a newby and understood that a key player is a WASM founder now working with Internet Computer . It was not possible to create Internet ID with these " browsers " in my instance .
Any advice would be appreciated .

Cheers

This is why it is much cleaner to just get a new external drive and boot Ubuntu from that. USB 3 is fast enough although thunderbolt 3 is even better. I ran this setup for years before I decided to ditch Windows altogether.