What is Internet Identity?

Internet Identity is a canister smart contract implemented on the Internet Computer blockchain. It enables you to authenticate securely and anonymously when you access dapps on the Internet Computer. To authenticate, one must specify an Identity Anchor. For each dapp you authenticate to using an Identity Anchor, based on that Identity Anchor, Internet Identity creates a different pseudonym specific to that dapp. This pseudonym cannot be linked to the Identity Anchor. You can add multiple authentication methods, such as security keys or facial recognition on computers or phones, to an Identity Anchor, and you will be able to use each of these authentication methods to authenticate using that Identity Anchor. Also, you can create as many Identity Anchors as you wish.

Unlike most authentication methods, Internet Identity does not require you to set and manage passwords or provide any personal identifying information to dapps or to Internet Identity.

How Internet Identity works

Internet Identity takes advantage of the Web Authentication (WebAuthn) API to provide secure cryptographic authentication using smart contracts for dapps running on the Internet Computer. Internet Identity enables you to use security modules built into your smart phone, your laptop or security keys plugged into the USB port of your computer to authenticate and authorize access to dapps running on the Internet Computer.

Dapps that integrate with Internet Identity prompt you to authenticate using an Identity Anchor. If you don’t have an Identity Anchor yet, it is easy to create one and add authentication methods to it. For more details, see How to use Internet Identity. For each device you add, a pair of cryptographic keys (private and public key) is generated. The public key is stored on the Internet Computer blockchain. Adding multiple authentication methods to an Identity Anchor allows you to access dapps across all of your devices.

When you access a dapp that uses Internet Identity for authentication, you first specify the Identity Anchor you want to use. After authenticating using an authentication method for this Identity Anchor, your browser connects to Internet Identity and generates a key for use with that dapp. Finally, you are asked to authorize access to the dapp.

Your browser downloads the authorization and then redirects you to the dapp. The dapp verifies the authorization from Internet Identity and grants you access as an application-specific anonymous identity that we call pseudonym. Internally, you have a different pseudonym for each dapp, but your pseudonym for any single dapp is the same across all of your devices. All of your devices just represent different methods you can use to authenticate your Identity Anchor.

You can register as many Identity Anchors as you want for redundancy, to set up different device authentication profiles for other device users, or to ensure access to services that use Internet Identity.

How to use Internet Identity

To learn how to create and use Identity Anchors step-by-step, see How to use Internet Identity. This also describes how to set up recovery mechanisms for Identity Anchors.