Introducing Internet Identity: It’s 2022, and we still don’t have a secure way to browse the internet. Some of the biggest brains in the web3 space have made it possible. But how does it work?
Classic Web2 Authentication
Since the early days of the internet, whenever we needed to create an account on a certain platform, we had to come up with a clever username and create a strong password.
But over time, password requirements have become incredibly complex and time-consuming.
How are Web2 Passwords Stored?
Did you know that several Web2 platforms still store passwords on their servers as plain text? Storing as plain text means that there is a database, which collects usernames and cross-checks them with the password they are connected to every time a user logs in. This is as inefficient as it sounds and the least secure way to store personal data on a server.
However, many platforms are relying on more advanced methods to protect the sensitive data of their users. One way is through basic encryption, where a key is generated from a random string of numbers and letters and stored on the server. The problem here is that the password (even though highly abstracted) can be easily compromised because the key used for encryption is stored on the same server as its corresponding password.
A second and more robust option for persisting passwords relies on hashing. This technique is similar to encryption, but here the password can not be reverse-engineered through one unique key. Nonetheless, hackers can still crack hashed passwords by attempting to decipher different combinations of Unicode characters until they crack the hash. Although this hacking method is labor-intensive, it can easily be automated and successfully implemented within a matter of hours.
There is a website that shows if your password has been breached.
You can check it out here.
Fraud, Data Leakage, and Identity Theft
A simple Google search demonstrates how many data breaches have occurred on Facebook alone in the past couple of years:
If we dive deeper, we discover more clever ways hackers have successfully stolen the online identity of internet users. For example, we recently covered a story, where Binance’s CCO, Patrick Hillmann, was impersonated on a video call through a deep fake.
How ICP’s Internet Identity Solves the Problem
With ICP’s Internet Identity, there is no need to enter a username and password to log into any dApp available on the blockchain. Biometrics, which are implemented on the user’s local device, are all that is needed. In most cases, this is the fingerprint on a laptop or the face ID on a phone. If these are not available, there are other options, such as a Ledger wallet or a YubiKey, which can securely store login information.
On the IC blockchain, a user’s login information is associated with their Internet Identity anchor and the devices connected to it.
“For each device you add, a pair of cryptographic keys (a private and a public key) is generated. The public key is stored on the Internet Computer blockchain, while the private key remains locked inside the authentication device, together with any biometric data that governs access to it. Adding multiple authentication devices to an identity anchor allows you to access dApps across all of your devices”
Thanks to the high level of cryptography going on behind the scenes, our Internet Identity is unbreachable. In the near future, this method of online authentication will become our primary digital signature.
How to Create an Internet Identity
Go to http://identity.ic0.app
- Click on “Create a new Internet Identity Anchor”
- Enter a name for your authentication method (device, YubiKey, ledger wallet)
- Create your Internet Identity
For more information, you can check this tutorial.
Once you have your Internet Identity set up, you can log into every dApp in the ICP ecosystem without having to worry about remembering multiple passwords and usernames.
All you need is your fingerprint.
*Originally posted on fastblocks.com