ICP custody with NNS frontend dapp

From Internet Computer Wiki
Jump to: navigation, search

Currently, the easiest custody option is via the NNS Frontend Dapp.

Custody within NNS Frontend dapp

In networked smartphone or networked computer, do the following:

1. Log into NNS Frontend Dapp

nns frontend dapp login

2. Log in with Internet Identity

You can make an Internet Identity if you do not already have one

3. Add multiple devices

Strictly speaking, you do not need to add multiple devices, but it is highly recommended so you do not lose your ICP in case you lose your device.

4. Send ICP to your unique account

Within NNS Frontend dapp, navigate to the ICP tab

nns frontend dapp

Account should look something like this

723cd441238da744a097c3a20f8f4050d8355afb46fe12a1428a63996c37d918

The NNS frontend dapp is now your custody solution.

Decisions user needs to make

How do you authenticate to Internet Identity?

Internet Identity does not use passwords and usernames to log in. Internet Identity takes advantage of the Web Authentication (WebAuthn) API to provide secure cryptographic authentication. This means that you authenticate by "something you have" (e.g a phone, yuibkey, etc...) instead of "something you know" (e.g. a password).

From the point of view of the user, a user would use the following methods to authenticate:

  1. Computers
    1. Yubikey (with computers with USB ports)
    2. Thumbprint (with computers with electronic fingerprint recognition features like Touch ID)
  2. Smartphones
    1. Face ID (for smartphones with facial recognition systems)
    2. Thumbprint (for computers with electronic fingerprint recognition features like Touch ID)

2. If I lose my device, can I still use Internet Identity?

If you have an Identity Anchor tied to only one device and you lose that one device, you will be locked out. As a best practice, we recommend adding multiple devices and recovery mechanisms to each Identity Anchor.

3. How do I add more devices to my Identity Anchor?

To add more devices to an existing Identity Anchor, please see the guide here.

Trade-offs and risks

If you use this combination, you are accepting the following trade-offs:

  • If you only have 1 device tied to your Internet Identity, and you lose that device, you lose all access. You should add multiple devices in case one of them malfunctions. For example, if you have only one iPhone attached as a device to your Internet Identity, you are risking your ICP on that iPhone's Face Id always recognizing you. If it cannot, then you lost access to your ICP. Similarly, if you lose your phone, you would lose your ICP.
  • Not all devices and browsers support WebAuthn, so this option is sometimes not available.
  • You are accepting the risk that the community-vetted NNS Frontend dapp is not compromised
  • You are accepting the risk that the community-vetted Internet Identity canisteris not compromised