Privacy & Security

Review some best practices for safeguarding your Internet Identity.

What Are Some Best Practices for Protecting Your Internet Identity?

Internet Identity uses the WebAuthn standard support in browser to create cryptographic material that is then used to identify you as you. This cryptographic material is typically stored in your browser or by your OS in your computer (except if you use a dedicated passkey like a YubiKey). Depending on the browser, this cryptographic material may be deleted to make room for something else; or your computer may be lost. Either way, it's just too easy to lose this cryptographic material, meaning you would lose access to your Internet Identity.

Recovery mechanisms are meant to prevent you from losing access to your Internet Identity even if you lose the WebAuthn cryptographic material. There are two types of recovery mechanisms: recovery phrases and recovery devices. They should be stored safely, and only used in case you cannot use regular authentication devices (passkeys).

Your Internet Identity is very sensitive information and it's recommended to keep high levels of security around your NNS dapp account. The best way to prevent accidental loss of your identity is to use a dedicated FIDO device as a passkey and keep it in a safe place. We always recommend you add multiple passkeys to your Internet Identity and use at least one FIDO device. To protect yourself in case you lose a device, you should register as many passkeys as possible to prevent you from losing access to your dapps.

The minimum backup setup we recommend for now is:

  • FIDO Device
  • Phone with Biometrics (Don’t clear cache if Mac or iOS)
  • Recovery Phrase

You can also write-protect the principal derived from your recovery phrase, which is highly recommended.

Updated