Difference between revisions of "How to create an Internet Identity"
(First images) |
m (Setup Recovery Images) |
||
Line 1: | Line 1: | ||
+ | |||
The Internet Identity blockchain authentication system enables you to sign in securely and anonymously to dapps on the Internet Computer. | The Internet Identity blockchain authentication system enables you to sign in securely and anonymously to dapps on the Internet Computer. | ||
[[File:Welcome.png|right|200px|Internet Identity welcome page]] | [[File:Welcome.png|right|200px|Internet Identity welcome page]] | ||
Line 9: | Line 10: | ||
Alternatively, if you are trying to access a dapp, for example the NNS frontend dapp, you will see that you are prompted to login. When clicking the login button, you will be redirected to the Internet Identity screen (as seen on the right) where you can either login if you have an Identity Anchor, or create a new one if you don't. | Alternatively, if you are trying to access a dapp, for example the NNS frontend dapp, you will see that you are prompted to login. When clicking the login button, you will be redirected to the Internet Identity screen (as seen on the right) where you can either login if you have an Identity Anchor, or create a new one if you don't. | ||
− | ==Creating an Anchor==[[File:ii_anchor_created.png|right|200px|Internet Identity welcome page]] | + | ==Creating an Anchor== |
− | After selecting that you would like to create an Internet Identity Anchor on the II homepage, you will be directed to a screen where you are prompted to provide the name of the device on which you are generating the Anchor, e.g. iPhone, Laptop, Yubikey. | + | [[File:ii_anchor_created.png|right|200px|Internet Identity welcome page]]After selecting that you would like to create an Internet Identity Anchor on the II homepage, you will be directed to a screen where you are prompted to provide the name of the device on which you are generating the Anchor, e.g. iPhone, Laptop, Yubikey. |
Upon entering the device name, your device will prompt you to allow "identity.ic0.app" to use either a dedicated security key, or with an authentication method of the device you are using, if that option is available. | Upon entering the device name, your device will prompt you to allow "identity.ic0.app" to use either a dedicated security key, or with an authentication method of the device you are using, if that option is available. | ||
For example, if your device has biometrics enabled to unlock it, you might see the option to use those as your authentication method. You can also use the password that unlocks your computer or a pin that unlocks your phone, depending on the device you’re using. | For example, if your device has biometrics enabled to unlock it, you might see the option to use those as your authentication method. You can also use the password that unlocks your computer or a pin that unlocks your phone, depending on the device you’re using. | ||
Line 16: | Line 17: | ||
Once you grant access, you will be redirected to solve a captcha. After solving this, you will be prompted to choose an account to sign in to "identity.ic0.app". Here you can select the sign in with the Passkey (which was generated and is stored on your device) or you can choose to sign in with an external security key. | Once you grant access, you will be redirected to solve a captcha. After solving this, you will be prompted to choose an account to sign in to "identity.ic0.app". Here you can select the sign in with the Passkey (which was generated and is stored on your device) or you can choose to sign in with an external security key. | ||
After that, you will be redirected to a screen which displays your newly created Identity Anchor! Note that on this screen there is a suggestion to record your Identity Anchor number. This is the number that you will need to enter to authenticate to dapps running on the IC. | After that, you will be redirected to a screen which displays your newly created Identity Anchor! Note that on this screen there is a suggestion to record your Identity Anchor number. This is the number that you will need to enter to authenticate to dapps running on the IC. | ||
− | + | [[File:ii_setup_recovery.png|right|200px|Internet Identity welcome page]] | |
− | |||
==Account recovery== | ==Account recovery== | ||
After creating your Identity Anchor, you will be directed to a page that allows to add a recovery mechanism, or to skip this step. There is a warning here, which notes that if you browser history is cleared, your authentication keys will be deleted from this device. For this reason, it's highly recommended to assign multiple devices or to use a security key or a seed phrase as a recovery mechanism. When you select to add a recovery mechanism, you are given two choices; either generate a seed phrase which you should store securely or to use an extra security key. If you are used to using digital wallets, perhaps you are used to securely maintaining seed phrases. Otherwise, you can choose to use the security key. Only if you are sure that you will not need to remember this Anchor should you skip this step. | After creating your Identity Anchor, you will be directed to a page that allows to add a recovery mechanism, or to skip this step. There is a warning here, which notes that if you browser history is cleared, your authentication keys will be deleted from this device. For this reason, it's highly recommended to assign multiple devices or to use a security key or a seed phrase as a recovery mechanism. When you select to add a recovery mechanism, you are given two choices; either generate a seed phrase which you should store securely or to use an extra security key. If you are used to using digital wallets, perhaps you are used to securely maintaining seed phrases. Otherwise, you can choose to use the security key. Only if you are sure that you will not need to remember this Anchor should you skip this step. |
Revision as of 10:56, 20 January 2022
The Internet Identity blockchain authentication system enables you to sign in securely and anonymously to dapps on the Internet Computer.
Getting Started
Suppose you want to interact with dapps running on the Internet Computer. It's often the case that you will need to authenticate or login to access and use the features of the dapp. Currently, the easiest way to authenticate is by using an identity anchor obtained from the II.
The quickest way to get started with this, is to navigate directly to the Internet Identity dapp: https://identity.ic0.app/ Here, you will be welcomed with a screen prompting you to enter your Identity Anchor. If you are just getting started, then you need to create an identity anchor by clicking on the link.
Alternatively, if you are trying to access a dapp, for example the NNS frontend dapp, you will see that you are prompted to login. When clicking the login button, you will be redirected to the Internet Identity screen (as seen on the right) where you can either login if you have an Identity Anchor, or create a new one if you don't.
Creating an Anchor
After selecting that you would like to create an Internet Identity Anchor on the II homepage, you will be directed to a screen where you are prompted to provide the name of the device on which you are generating the Anchor, e.g. iPhone, Laptop, Yubikey.
Upon entering the device name, your device will prompt you to allow "identity.ic0.app" to use either a dedicated security key, or with an authentication method of the device you are using, if that option is available. For example, if your device has biometrics enabled to unlock it, you might see the option to use those as your authentication method. You can also use the password that unlocks your computer or a pin that unlocks your phone, depending on the device you’re using.
Once you grant access, you will be redirected to solve a captcha. After solving this, you will be prompted to choose an account to sign in to "identity.ic0.app". Here you can select the sign in with the Passkey (which was generated and is stored on your device) or you can choose to sign in with an external security key. After that, you will be redirected to a screen which displays your newly created Identity Anchor! Note that on this screen there is a suggestion to record your Identity Anchor number. This is the number that you will need to enter to authenticate to dapps running on the IC.
Account recovery
After creating your Identity Anchor, you will be directed to a page that allows to add a recovery mechanism, or to skip this step. There is a warning here, which notes that if you browser history is cleared, your authentication keys will be deleted from this device. For this reason, it's highly recommended to assign multiple devices or to use a security key or a seed phrase as a recovery mechanism. When you select to add a recovery mechanism, you are given two choices; either generate a seed phrase which you should store securely or to use an extra security key. If you are used to using digital wallets, perhaps you are used to securely maintaining seed phrases. Otherwise, you can choose to use the security key. Only if you are sure that you will not need to remember this Anchor should you skip this step.
Adding a Second Device
It is good practice to add a second device for a number of reasons.
- It is often the case that you will want to login to dapps from more than one device, eg. from a mobile phone, and later from a laptop.
- Adding a second device allows to more easily recover your Anchor or account should it get lost from one device.
The most straight forward way to add a second device is to navigate to https://identity.ic0.app/ on the device that you would like to add. Once there, you can select the option "Already have an Anchor and want to add a new device. Clicking this, you will be directed to a page where you can enter your existing Identity Anchor. Upon entering your Anchor and clicking continue, you will be prompted to allow access to either a security key, or your current device. Choose your preference, and then you will be directed to a screen displaying a url (or its equivalent QR code). Upon scanning the QR code with the original device, you will be directed to the app where you can confirm that you are attempting to add a new device. One you confirm, you will be asked to name the new device. After this, both devices should appear in the Anchor Management page of identity.ic0.app
Authenticating
When you have created an Identity Anchor and added devices, logging into dapps is a simple process. When you navigate to a dapp that supports authenticating with Internet Identity, simply click on the login button to be directed to the II frontend where you can enter your Anchor number and authenticate. After this, you will be directed to a page requiring you to authorize the authentication. After selecting 'Proceed' you will finalize the authentication process and be redirected and logged in to the dapp.
Key Features
Ease of Use
Internet Identity provides a secure way for users to generate identity anchors and authenticate to applications running on the Internet Computer without the need to remember and manage passwords.
Privacy
No personal identifying information is needed to generate an anchor and as Internet Identity generates different pseudonyms for different applications, privacy is provided for users as interactions across dapps cannot be tracked.
Availability
Since an anchor's key material is generated and stored on the user's device, it is not the case that a particular service or application can hinder the availability of an individual's anchor as a method of authentication.
FAQ
Do I need to use Internet Identity to use all dapps on the IC?
No, II is an authentication option that can be used by the developers of the dapps. Developers may choose they do not need authentication, or if they do want authentication, they can use anything else. II is very popular because building authentication systems is very hard to do securely so it is a boon for many developers, but they can choose to use something else if they find their users do not need it.
Examples:
- Motoko Playground is a dapp on the IC that does not require II.
How do I get an Identity Anchor from Internet Identity?
The one and only place to generate an Identity Anchor is to visit https://identity.ic0.app/.
Detailed instructions can be found by visiting https://smartcontracts.org/docs/ic-identity-guide/auth-how-to.html
Do I really need to link another device or save the seed-phrase?
Although it is not necessary, it is really useful to link another device or to save the seed-phrase in case you lose access to your Identity Anchor on a particular device. Further, as your Identity Anchor may be used to generate accounts for wallets or dapps, access to these may also be lost if you lose access to your Identity Anchor.
What happens if I lose my device?
If you lose your device and want to recover, you can click on the 'Lost access and want to recover' link at https://identity.ic0.app/.
If you have an Identity Anchor tied to only one device and you lose that one device, you will be locked out. As a best practice, we recommend adding multiple devices and recovery mechanisms to every Identity Anchor.
How can I add more devices?
If you want to add another device, you can click on the 'Already have an anchor but using a new device?' link at https://identity.ic0.app/
Detailed instructions can be found here: https://smartcontracts.org/docs/ic-identity-guide/auth-how-to.html#_add_a_device
No. Internet Identity uses a different Principal (a "pseudonym") for each dapp that you authenticate to using Internet Identity. Since the pseudonyms Internet Identity generates for you are different for each dapp, dapps cannot use them to track you outside of their realm.
Does Internet Identity support Windows Hello?
Yes! Internet Identity supports authenticating via Windows Hello. If Windows Hello is set up on your PC then Internet Identity will offer you to authenticate through Windows Hello.
Detailed instructions can be found here: https://smartcontracts.org/docs/ic-identity-guide/hello-guide.html
Why can't I log in with a new device?
If you can't log in with an existing Identity Anchor, it may be the case that the anchor hasn't been added to the new device. If this is the case, simply visit https://identity.ic0.app/ , click on the 'Already have an anchor but using a new device?' link, add the device and try again.
It may also be the case that the face ID or the fingerprint system is not enabled on the device. Ensure that these are enabled, and try to log in again.
Is there a way to revoke a dapp's access to my Identity Anchor?
There is no explicit revocation method, but privilege delegation to Internet Identity is limited in time, so will expire. Alternatively, simply once the browser tab is closed, the delegation is gone.