How to use the Internet Identity
Internet Identity enables you to authenticate securely and anonymously when you access applications that use it as an authentication method. A different pseudonym is created for each application you log in to, and you will be able to use all of your registered devices or authentication methods to log in to the same identity. This is all accomplished using encrypted smart contracts that run on the Internet Computer blockchain.
Unlike most authentication methods, your Internet Identity does not require you to set and manage passwords or provide any personal identifying information to applications or to Internet Identity. Instead, you create authentication profiles using an ID number and the authentication methods you choose such as facial recognition from a smartphone, your computer unlock password, or a security key.
On macOS/iOS/ipadOS (including iPhones), authentication using Safari is coupled to your browser profile. If you want to log in to an application in a different browser, or if you use multiple Safari browser profiles, you have to add the combination of your authentication method and the new browser as a new device. See:
Windows users can only use a security key as an authorized device.
Firefox does not currently accept OSX with any device authentication method other than a security key.
You can securely access applications running on the Internet Computer that use Internet Identity for authentication, by selecting an authentication method and having an Internet Identity ID number generated for you. You can create as many identities as you want by registering new ID numbers.
When you first access an application running on the Internet Computer, you are directed to Internet Identity and asked to enter a ID number to log in. If you are a new user, you need to register to obtain an ID number.
To create an Internet Identity as a first-time user:
Go to Internet Identity.
Click Register with Internet Identity.
Enter a name for the device profile you’re using to create your Internet Identity. For example: iPhone, or YubiKey.
Register your device.
Choose to register using either a dedicated security key, or with an authentication method of the device you are using, if that option is available.
For example, if your device has biometrics enabled to unlock it, you might see the option to use those as your authentication method. You can also use the password that unlocks your computer or a pin that unlocks your phone, depending on the device you’re using.
As a best practice, use at least one dedicated security key. You can then add other authentication devices, such as your phone, your computer, or a second security key you actively use. Use this method to store the first key in a safe place in the event that you are unable to to use your preferred device. When you use a dedicated security key, you can log in to any Internet Computer application using any browser, with any device that recognizes it.
Authenticate the device.
Authenticate using the method you selected when prompted.
Your identity is not created until you perform this step.
At this point, depending on the device you are using, you might be asked to either use your device authenitication method, or to use an identity saved to your security key. If you are registering for the first time, choose to use the device authentication.
Save your ID number.
When you have registered your device, you’ll receive an ID number.
This number is unique, but it is not a secret, so you should save the number in multiple places. Your browser will remember your ID number, but you will need it if you log in on a different computer, change your browser profile, or if you clear your browser state.
If you lose your ID number and are logged out on all devices, you cannot log in to Internet Identity to manage your devices, or access any of your applications, unless you have set up account recovery in the next step.
Set up account recovery
In addition to registering multiple devices and using security keys, you can set up account recovery at the prompt by clicking Set up Account recovery.
On the next screen, you can select one of the following options:
Select this option to generate a cryptographically-secure seed-phrase that you can use to recover your account. Make sure you save this phrase somewhere safe and known only to you. Note that the first string in your seed phrase is your ID number. You will need this number to begin the the recovery process.
Use a dedicated security key to recover your account in the event that you lose access to your authorized devices. This key must be different from one that you actively use to log in to Internet Identity. Keep this key somewhere safe and known only to you. You will need to know your ID number to begin recovery.
Set recovery later
You can skip the account recovery process and choose to set it up at any time from the login page.
On the next screen, you will see your ID number and your registered authentication devices. From here, you can add and remove devices, and set up an account recovery method.
The workflow for adding a device can vary depending on what devices you’ve already added to your identity. For example, if you first authorized your computer to create your ID number, and you’d like to add your phone as a second authentication method, you must be able to authenticate your phone on the authorized computer. You must always be able to authorize the device you want to add by using a device that is already authorized.
If you are registering a new device, such as a new security key, or a new browser profile using a computer or phone that has already been registered, you can do this easily and directly from within Internet Identity Management.
Other workflows can be more complex, for example, adding your phone as an authentication device using your authenticated computer.
To register your phone as an additional authentication method using the phone’s unlock methods:
Open the Internet Identity web page in your phone’s browser.
Click Already registered but using a new device?
Enter your ID number and click Continue.
Click GET STARTED.
Select Use this device with screen lock.
You will be asked to unlock the device.
To use the screen lock option, you have to have screen lock activated on your phone.
Authorize your phone.
After you’ve unlocked your phone, you will be provided with a URL and a QR code. You must use the URL or QR code in a browser in the computer that has already been authorized. For example, you can copy the URL and email it to yourself, then paste it into a browser on the computer.
Enter your ID Number and click Login.
Link your phone to your identity.
If you’re sure that the link you pasted in the browser came from you, click Yes, link new device.
Give the device profile a name and click Link Device.
Your phone will be redirected to the login page, and you can now use it with your ID number to log in.
|You should register as many devices as possible to prevent you from losing access to your applications should you lose a device. Again, the best way to prevent accidental loss is to set up a recovery method.|
When you register an identity, you will be prompted to copy a cryptographically-secure seed phrase or to add a dedicated security key for recovery purposes.
You can choose to do this at any time, but note that if you lose your ID number or if you no longer have access to authorized devices, you will need the seed-phrase or the recovery security key to recover your identity. Without one of these, you will be locked out of any applications that require the associated identity.
If you have set up a recovery phrase or recovery security key, you can regain access to your identity by clicking Lost access and want to recover? from the Internet Identity landing page.