What is Internet Identity?

Internet Identity enables you to authenticate securely and anonymously when you access applications that use it as an authentication method. A different pseudonym is created for each application you log in to, and you will be able to use all of your registered devices or authentication methods to log in to the same identity.

Unlike most authentication services, your Internet Identities do not require you to set and manage passwords or provide any personal identifying information to applications. Instead, you use the authentication profiles that you create such as facial recognition from a smartphone, your computer unlock password, or a security key.

How Internet Identity works

Internet Identity takes advantage of the Web Authentication (WebAuthn) API to provide secure cryptographic authentication using smart contracts for applications running on the Internet Computer. Internet Identity enables you to use security chips built into your smart phone or your laptop or security keys plugged into the USB port of your computer to authenticate you and to authorize access to an application.

Applications that integrate with Internet Identity prompt you to register or log in with a previously-registered ID number. Registering a device is a simple process that generates a unique cryptographic key for you that is stored on the Internet Computer blockchain. You can then use your ID number to register additional devices, so that you can access applications across all of your devices.

When you access an application that uses Internet Identity to authenticate your identity, your browser connects to Internet Identity and generates a key for use with that application. After you verify your identity, Internet Identity authorizes access to the application.

Your browser downloads the authorization, then redirects you to the application. The application verifies the authorization from Internet Identity and grants you access as an application-specific pseudonym. Internally, you have a different pseudonym for each application, but your pseudonym for any single application is the same across all of your devices. All of your devices just represent different methods you can use to authenticate your ID number.

Additionally, you can register as many identities with different ID numbers as you want for redundancy, to set up different device authentication profiles for other device users, or to ensure access to services that use the Internet Identity.

Identity recovery

When you register an identity, you will be prompted to copy a cryptographically-secure seed phrase or to add a dedicated security key for recovery purposes.

You can choose to do this at any time, but note that if you lose your ID number or if you no longer have access to authorized devices, you will need the seed-phrase or the recovery security key to recover your identity. Without one of these, you will be locked out of any applications that require the associated identity.

To learn how to register a device step-by-step, see: How to use Internet Identity.