diff --git a/.github/workflows/canister-tests.yml b/.github/workflows/canister-tests.yml
index a1250b5851..7ba24d54a3 100644
--- a/.github/workflows/canister-tests.yml
+++ b/.github/workflows/canister-tests.yml
@@ -337,12 +337,6 @@ jobs:
     steps:
       - uses: actions/checkout@v3
 
-      # Required by the ic-test-state-machine
-      - name: Install openssl (macos)
-        if: ${{ matrix.os == 'macos-latest' }}
-        run: |
-          brew install openssl@3
-
       - name: Download nextest
         run: |
           set -euo pipefail
diff --git a/.github/workflows/release-build-check.yml b/.github/workflows/release-build-check.yml
index e0e72218bc..e80c4dfe6e 100644
--- a/.github/workflows/release-build-check.yml
+++ b/.github/workflows/release-build-check.yml
@@ -17,8 +17,8 @@ jobs:
   latest-release:
     outputs:
       ref: ${{ steps.release.outputs.ref }}
-      prod_sha256: ${{ steps.release.outputs.prod_sha256 }}
-      dev_sha256: ${{ steps.release.outputs.dev_sha256 }}
+      ii_prod_sha256: ${{ steps.release.outputs.ii_prod_sha256 }}
+      archive_sha256: ${{ steps.release.outputs.archive_sha256 }}
     runs-on: ubuntu-latest
     steps:
       - name: Get latest release information
@@ -32,14 +32,18 @@ jobs:
             exit 1
           fi
           curl --silent -SL "https://github.com/dfinity/internet-identity/releases/download/$latest_release_ref/internet_identity_production.wasm.gz" -o internet_identity_production.wasm.gz
-          latest_prod_release_sha256=$(shasum -a 256 ./internet_identity_production.wasm.gz | cut -d ' ' -f1)
+          curl --silent -SL "https://github.com/dfinity/internet-identity/releases/download/$latest_release_ref/archive.wasm.gz" -o archive.wasm.gz
+          latest_release_ii_prod_sha256=$(shasum -a 256 ./internet_identity_production.wasm.gz | cut -d ' ' -f1)
+          latest_release_archive_sha256=$(shasum -a 256 ./archive.wasm.gz | cut -d ' ' -f1)
           echo latest release is "$latest_release_ref"
-          echo latest prod release sha256 is "$latest_prod_release_sha256"
+          echo latest prod release sha256 is "$latest_release_ii_prod_sha256"
+          echo latest archive release sha256 is "$latest_release_archive_sha256"
           echo "ref=$latest_release_ref" >> "$GITHUB_OUTPUT"
-          echo "prod_sha256=$latest_prod_release_sha256" >> "$GITHUB_OUTPUT"
+          echo "ii_prod_sha256=$latest_release_ii_prod_sha256" >> "$GITHUB_OUTPUT"
+          echo "archive_sha256=$latest_release_archive_sha256" >> "$GITHUB_OUTPUT"
         id: release
 
-  # Then perform the build, using the release as checkout
+  # Perform the clean build (non-docker), using the release as checkout
   clean-build:
     runs-on: ${{ matrix.os }}
     needs: latest-release
@@ -54,7 +58,7 @@ jobs:
       - uses: ./.github/actions/check-build
         with:
           # we check that ubuntu builds match the latest release build
-          sha256: ${{ startsWith(matrix.os, 'ubuntu') && needs.latest-release.outputs.prod_sha256 || '' }}
+          sha256: ${{ startsWith(matrix.os, 'ubuntu') && needs.latest-release.outputs.ii_prod_sha256 || '' }}
 
         # Since the release build check is a scheduled job, a failure won't be shown on any
         # PR status. To notify the team, we send a message to our Slack channel on failure.
@@ -64,3 +68,40 @@ jobs:
         with:
           WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
           MESSAGE: "Release build check failed"
+
+  # Verify the hash using the verify-hash script, using the release as checkout.
+  # This runs the build using docker and should work on all platforms.
+  verify-build-dockerized:
+    runs-on: ${{ matrix.os }}
+    needs: latest-release
+    strategy:
+      matrix:
+        os: [ ubuntu-22.04, ubuntu-20.04, macos-11, macos-12 ]
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          ref: "refs/tags/${{ needs.latest-release.outputs.ref }}"
+
+      - name: Setup docker (missing on MacOS)
+        if: runner.os == 'macos'
+        run: |
+          brew install docker
+          brew install docker-buildx
+          # The following 2 commands are taken from the post install instructions printed by `brew install docker-buildx` 
+          mkdir -p ~/.docker/cli-plugins
+          ln -sfn /usr/local/opt/docker-buildx/bin/docker-buildx ~/.docker/cli-plugins/docker-buildx
+          colima start
+
+      - name: "Verify Hash"
+        id: dfx-metadata
+        run: |
+          ./scripts/verify-hash --ii-hash ${{ needs.latest-release.outputs.ii_prod_sha256 }} --archive-hash ${{ needs.latest-release.outputs.archive_sha256 }}
+
+        # Since the release build check is a scheduled job, a failure won't be shown on any
+        # PR status. To notify the team, we send a message to our Slack channel on failure.
+      - name: Notify Slack on failure
+        uses: ./.github/actions/slack
+        if: ${{ failure() }}
+        with:
+          WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
+          MESSAGE: "Verify hash check failed"
diff --git a/.github/workflows/update-dapps.yml b/.github/workflows/update-dapps.yml
index 89e2da4b80..9f5a19646f 100644
--- a/.github/workflows/update-dapps.yml
+++ b/.github/workflows/update-dapps.yml
@@ -12,15 +12,20 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3
+      - uses: ./.github/actions/setup-node
+      - run: npm ci
 
       # Run the update
       - name: Check new dapps file
         id: update
         run: ./scripts/update-dapps
 
+      # Run the formatter so that the dapps.json file is formatted
+      - run: npm run format
+
       # If the dapps changed, create a PR.
+      # This action creates a PR only if there are changes.
       - name: Create Pull Request
-        if: ${{ steps.update.outputs.updated == '1' }}
         uses: peter-evans/create-pull-request@v4
         with:
           token: ${{ secrets.GIX_BOT_PAT }}
diff --git a/.ic-commit b/.ic-commit
index 78060de556..c444eac5a7 100644
--- a/.ic-commit
+++ b/.ic-commit
@@ -1,3 +1,3 @@
 # the commit used to pull the state machine executable
 # see rust canister tests for more info
-c74ce7317761e540d722d01fa6c26a046707f372
+4918bb79b1ff24defeec0d596c60796688b5ddec
diff --git a/.node-version b/.node-version
index 4a1f488b6c..02c8b485ed 100644
--- a/.node-version
+++ b/.node-version
@@ -1 +1 @@
-18.17.1
+18.18.0
diff --git a/demos/using-dev-build/package-lock.json b/demos/using-dev-build/package-lock.json
index 9a2382cf13..324e4654d0 100644
--- a/demos/using-dev-build/package-lock.json
+++ b/demos/using-dev-build/package-lock.json
@@ -15,7 +15,7 @@
         "@wdio/local-runner": "^8.6.9",
         "@wdio/mocha-framework": "^8.6.8",
         "@wdio/spec-reporter": "^8.6.8",
-        "chromedriver": "^115.0.0",
+        "chromedriver": "^117.0.1",
         "prettier": "^2.7.1",
         "prettier-plugin-organize-imports": "^3.2.2",
         "proxy": "git+https://github.com/nmattia/dfx-proxy",
@@ -2245,9 +2245,9 @@
       }
     },
     "node_modules/chromedriver": {
-      "version": "115.0.0",
-      "resolved": "https://registry.npmjs.org/chromedriver/-/chromedriver-115.0.0.tgz",
-      "integrity": "sha512-mkPL+sXMLMUenoXCiKREw+cBl3ibfhiWxkiv9ByIPpqtrrInCt9zKdOolAsbmN/ndlH51WtT5ukUKbeRdrpikg==",
+      "version": "117.0.1",
+      "resolved": "https://registry.npmjs.org/chromedriver/-/chromedriver-117.0.1.tgz",
+      "integrity": "sha512-n3gGFlSS8UAnk3ya2SWU6sN3k3GQsr8K/rWhKWse/NuzNDvLCYm7if9i1KnVx/x1Cp2C59mWN0w1DyhUSheNbA==",
       "dev": true,
       "hasInstallScript": true,
       "dependencies": {
@@ -2263,7 +2263,7 @@
         "chromedriver": "bin/chromedriver"
       },
       "engines": {
-        "node": ">=16"
+        "node": ">=18"
       }
     },
     "node_modules/chromium-bidi": {
diff --git a/demos/using-dev-build/package.json b/demos/using-dev-build/package.json
index fc4d552c7a..420e218ce9 100644
--- a/demos/using-dev-build/package.json
+++ b/demos/using-dev-build/package.json
@@ -16,7 +16,7 @@
     "@wdio/local-runner": "^8.6.9",
     "@wdio/mocha-framework": "^8.6.8",
     "@wdio/spec-reporter": "^8.6.8",
-    "chromedriver": "^115.0.0",
+    "chromedriver": "^117.0.1",
     "prettier": "^2.7.1",
     "prettier-plugin-organize-imports": "^3.2.2",
     "proxy": "git+https://github.com/nmattia/dfx-proxy",
diff --git a/docker-test-env/docker-compose.yml b/docker-test-env/docker-compose.yml
index aade3c96c0..4c0a247d73 100644
--- a/docker-test-env/docker-compose.yml
+++ b/docker-test-env/docker-compose.yml
@@ -28,7 +28,7 @@ services:
   # Selenium container with chromedriver and chrome
   selenium:
     # use the seleniarm image that provides multiple architecture variants including one for M1 chips
-    image: seleniarm/standalone-chromium:104.0
+    image: seleniarm/standalone-chromium:116.0
     ports:
       - "4444:4444" # port for the test runner to connect to chromedriver
       - "7900:7900" # port to access the page to watch what chrome is doing (http://localhost:7900, pw is secret)
@@ -36,6 +36,8 @@ services:
     environment: # default number of sessions is 1. We need more because of flows involving multiple devices (which we simulate using parallel sessions).
       - SE_NODE_OVERRIDE_MAX_SESSIONS=true
       - SE_NODE_MAX_SESSIONS=5
+      - SCREEN_WIDTH=1920
+      - SCREEN_HEIGHT=1080
     networks:
       - ic
 networks:
diff --git a/package-lock.json b/package-lock.json
index 12c992664b..61c1e67bf1 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -34,6 +34,7 @@
         "astro": "^2.4.1",
         "eslint": "8.47.0",
         "extract-zip": "^2.0.1",
+        "fake-indexeddb": "^4.0.2",
         "html-minifier-terser": "^7.2.0",
         "prettier": "2.8.0",
         "prettier-plugin-organize-imports": "^3.2.2",
@@ -3049,6 +3050,15 @@
         "node": ">= 0.6.0"
       }
     },
+    "node_modules/base64-arraybuffer-es6": {
+      "version": "0.7.0",
+      "resolved": "https://registry.npmjs.org/base64-arraybuffer-es6/-/base64-arraybuffer-es6-0.7.0.tgz",
+      "integrity": "sha512-ESyU/U1CFZDJUdr+neHRhNozeCv72Y7Vm0m1DCbjX3KBjT6eYocvAJlSk6+8+HkVwXlT1FNxhGW6q3UKAlCvvw==",
+      "dev": true,
+      "engines": {
+        "node": ">=6.0.0"
+      }
+    },
     "node_modules/base64-js": {
       "version": "1.5.1",
       "resolved": "https://registry.npmjs.org/base64-js/-/base64-js-1.5.1.tgz",
@@ -4999,6 +5009,15 @@
         "@types/yauzl": "^2.9.1"
       }
     },
+    "node_modules/fake-indexeddb": {
+      "version": "4.0.2",
+      "resolved": "https://registry.npmjs.org/fake-indexeddb/-/fake-indexeddb-4.0.2.tgz",
+      "integrity": "sha512-SdTwEhnakbgazc7W3WUXOJfGmhH0YfG4d+dRPOFoYDRTL6U5t8tvrmkf2W/C3W1jk2ylV7Wrnj44RASqpX/lEw==",
+      "dev": true,
+      "dependencies": {
+        "realistic-structured-clone": "^3.0.0"
+      }
+    },
     "node_modules/fast-deep-equal": {
       "version": "3.1.3",
       "resolved": "https://registry.npmjs.org/fast-deep-equal/-/fast-deep-equal-3.1.3.tgz",
@@ -9153,6 +9172,32 @@
         "node": ">=8.10.0"
       }
     },
+    "node_modules/realistic-structured-clone": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/realistic-structured-clone/-/realistic-structured-clone-3.0.0.tgz",
+      "integrity": "sha512-rOjh4nuWkAqf9PWu6JVpOWD4ndI+JHfgiZeMmujYcPi+fvILUu7g6l26TC1K5aBIp34nV+jE1cDO75EKOfHC5Q==",
+      "dev": true,
+      "dependencies": {
+        "domexception": "^1.0.1",
+        "typeson": "^6.1.0",
+        "typeson-registry": "^1.0.0-alpha.20"
+      }
+    },
+    "node_modules/realistic-structured-clone/node_modules/domexception": {
+      "version": "1.0.1",
+      "resolved": "https://registry.npmjs.org/domexception/-/domexception-1.0.1.tgz",
+      "integrity": "sha512-raigMkn7CJNNo6Ihro1fzG7wr3fHuYVytzquZKX5n0yizGsTcYgzdIUwj1X9pK0VvjeihV+XiclP+DjwbsSKug==",
+      "dev": true,
+      "dependencies": {
+        "webidl-conversions": "^4.0.2"
+      }
+    },
+    "node_modules/realistic-structured-clone/node_modules/webidl-conversions": {
+      "version": "4.0.2",
+      "resolved": "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-4.0.2.tgz",
+      "integrity": "sha512-YQ+BmxuTgd6UXZW3+ICGfyqRyHXVlD5GtQr5+qjiNW7bF0cqrzX500HVXPBOvgXb5YnzDd+h0zqyv61KUD7+Sg==",
+      "dev": true
+    },
     "node_modules/regexp.prototype.flags": {
       "version": "1.4.3",
       "resolved": "https://registry.npmjs.org/regexp.prototype.flags/-/regexp.prototype.flags-1.4.3.tgz",
@@ -10638,6 +10683,64 @@
         "node": ">=14.17"
       }
     },
+    "node_modules/typeson": {
+      "version": "6.1.0",
+      "resolved": "https://registry.npmjs.org/typeson/-/typeson-6.1.0.tgz",
+      "integrity": "sha512-6FTtyGr8ldU0pfbvW/eOZrEtEkczHRUtduBnA90Jh9kMPCiFNnXIon3vF41N0S4tV1HHQt4Hk1j4srpESziCaA==",
+      "dev": true,
+      "engines": {
+        "node": ">=0.1.14"
+      }
+    },
+    "node_modules/typeson-registry": {
+      "version": "1.0.0-alpha.39",
+      "resolved": "https://registry.npmjs.org/typeson-registry/-/typeson-registry-1.0.0-alpha.39.tgz",
+      "integrity": "sha512-NeGDEquhw+yfwNhguLPcZ9Oj0fzbADiX4R0WxvoY8nGhy98IbzQy1sezjoEFWOywOboj/DWehI+/aUlRVrJnnw==",
+      "dev": true,
+      "dependencies": {
+        "base64-arraybuffer-es6": "^0.7.0",
+        "typeson": "^6.0.0",
+        "whatwg-url": "^8.4.0"
+      },
+      "engines": {
+        "node": ">=10.0.0"
+      }
+    },
+    "node_modules/typeson-registry/node_modules/tr46": {
+      "version": "2.1.0",
+      "resolved": "https://registry.npmjs.org/tr46/-/tr46-2.1.0.tgz",
+      "integrity": "sha512-15Ih7phfcdP5YxqiB+iDtLoaTz4Nd35+IiAv0kQ5FNKHzXgdWqPoTIqEDDJmXceQt4JZk6lVPT8lnDlPpGDppw==",
+      "dev": true,
+      "dependencies": {
+        "punycode": "^2.1.1"
+      },
+      "engines": {
+        "node": ">=8"
+      }
+    },
+    "node_modules/typeson-registry/node_modules/webidl-conversions": {
+      "version": "6.1.0",
+      "resolved": "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-6.1.0.tgz",
+      "integrity": "sha512-qBIvFLGiBpLjfwmYAaHPXsn+ho5xZnGvyGvsarywGNc8VyQJUMHJ8OBKGGrPER0okBeMDaan4mNBlgBROxuI8w==",
+      "dev": true,
+      "engines": {
+        "node": ">=10.4"
+      }
+    },
+    "node_modules/typeson-registry/node_modules/whatwg-url": {
+      "version": "8.7.0",
+      "resolved": "https://registry.npmjs.org/whatwg-url/-/whatwg-url-8.7.0.tgz",
+      "integrity": "sha512-gAojqb/m9Q8a5IV96E3fHJM70AzCkgt4uXYX2O7EmuyOnLrViCQlsEBmF9UQIu3/aeAIp2U17rtbpZWNntQqdg==",
+      "dev": true,
+      "dependencies": {
+        "lodash": "^4.7.0",
+        "tr46": "^2.1.0",
+        "webidl-conversions": "^6.1.0"
+      },
+      "engines": {
+        "node": ">=10"
+      }
+    },
     "node_modules/ua-parser-js": {
       "version": "1.0.35",
       "resolved": "https://registry.npmjs.org/ua-parser-js/-/ua-parser-js-1.0.35.tgz",
@@ -14133,6 +14236,12 @@
       "resolved": "https://registry.npmjs.org/base64-arraybuffer/-/base64-arraybuffer-0.2.0.tgz",
       "integrity": "sha512-7emyCsu1/xiBXgQZrscw/8KPRT44I4Yq9Pe6EGs3aPRTsWuggML1/1DTuZUuIaJPIm1FTDUVXl4x/yW8s0kQDQ=="
     },
+    "base64-arraybuffer-es6": {
+      "version": "0.7.0",
+      "resolved": "https://registry.npmjs.org/base64-arraybuffer-es6/-/base64-arraybuffer-es6-0.7.0.tgz",
+      "integrity": "sha512-ESyU/U1CFZDJUdr+neHRhNozeCv72Y7Vm0m1DCbjX3KBjT6eYocvAJlSk6+8+HkVwXlT1FNxhGW6q3UKAlCvvw==",
+      "dev": true
+    },
     "base64-js": {
       "version": "1.5.1",
       "resolved": "https://registry.npmjs.org/base64-js/-/base64-js-1.5.1.tgz",
@@ -15553,6 +15662,15 @@
         "yauzl": "^2.10.0"
       }
     },
+    "fake-indexeddb": {
+      "version": "4.0.2",
+      "resolved": "https://registry.npmjs.org/fake-indexeddb/-/fake-indexeddb-4.0.2.tgz",
+      "integrity": "sha512-SdTwEhnakbgazc7W3WUXOJfGmhH0YfG4d+dRPOFoYDRTL6U5t8tvrmkf2W/C3W1jk2ylV7Wrnj44RASqpX/lEw==",
+      "dev": true,
+      "requires": {
+        "realistic-structured-clone": "^3.0.0"
+      }
+    },
     "fast-deep-equal": {
       "version": "3.1.3",
       "resolved": "https://registry.npmjs.org/fast-deep-equal/-/fast-deep-equal-3.1.3.tgz",
@@ -18534,6 +18652,34 @@
         "picomatch": "^2.2.1"
       }
     },
+    "realistic-structured-clone": {
+      "version": "3.0.0",
+      "resolved": "https://registry.npmjs.org/realistic-structured-clone/-/realistic-structured-clone-3.0.0.tgz",
+      "integrity": "sha512-rOjh4nuWkAqf9PWu6JVpOWD4ndI+JHfgiZeMmujYcPi+fvILUu7g6l26TC1K5aBIp34nV+jE1cDO75EKOfHC5Q==",
+      "dev": true,
+      "requires": {
+        "domexception": "^1.0.1",
+        "typeson": "^6.1.0",
+        "typeson-registry": "^1.0.0-alpha.20"
+      },
+      "dependencies": {
+        "domexception": {
+          "version": "1.0.1",
+          "resolved": "https://registry.npmjs.org/domexception/-/domexception-1.0.1.tgz",
+          "integrity": "sha512-raigMkn7CJNNo6Ihro1fzG7wr3fHuYVytzquZKX5n0yizGsTcYgzdIUwj1X9pK0VvjeihV+XiclP+DjwbsSKug==",
+          "dev": true,
+          "requires": {
+            "webidl-conversions": "^4.0.2"
+          }
+        },
+        "webidl-conversions": {
+          "version": "4.0.2",
+          "resolved": "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-4.0.2.tgz",
+          "integrity": "sha512-YQ+BmxuTgd6UXZW3+ICGfyqRyHXVlD5GtQr5+qjiNW7bF0cqrzX500HVXPBOvgXb5YnzDd+h0zqyv61KUD7+Sg==",
+          "dev": true
+        }
+      }
+    },
     "regexp.prototype.flags": {
       "version": "1.4.3",
       "resolved": "https://registry.npmjs.org/regexp.prototype.flags/-/regexp.prototype.flags-1.4.3.tgz",
@@ -19611,6 +19757,51 @@
       "integrity": "sha512-zaWCozRZ6DLEWAWFrVDz1H6FVXzUSfTy5FUMWsQlU8Ym5JP9eO4xkTIROFCQvhQf61z6O/G6ugw3SgAnvvm+HA==",
       "dev": true
     },
+    "typeson": {
+      "version": "6.1.0",
+      "resolved": "https://registry.npmjs.org/typeson/-/typeson-6.1.0.tgz",
+      "integrity": "sha512-6FTtyGr8ldU0pfbvW/eOZrEtEkczHRUtduBnA90Jh9kMPCiFNnXIon3vF41N0S4tV1HHQt4Hk1j4srpESziCaA==",
+      "dev": true
+    },
+    "typeson-registry": {
+      "version": "1.0.0-alpha.39",
+      "resolved": "https://registry.npmjs.org/typeson-registry/-/typeson-registry-1.0.0-alpha.39.tgz",
+      "integrity": "sha512-NeGDEquhw+yfwNhguLPcZ9Oj0fzbADiX4R0WxvoY8nGhy98IbzQy1sezjoEFWOywOboj/DWehI+/aUlRVrJnnw==",
+      "dev": true,
+      "requires": {
+        "base64-arraybuffer-es6": "^0.7.0",
+        "typeson": "^6.0.0",
+        "whatwg-url": "^8.4.0"
+      },
+      "dependencies": {
+        "tr46": {
+          "version": "2.1.0",
+          "resolved": "https://registry.npmjs.org/tr46/-/tr46-2.1.0.tgz",
+          "integrity": "sha512-15Ih7phfcdP5YxqiB+iDtLoaTz4Nd35+IiAv0kQ5FNKHzXgdWqPoTIqEDDJmXceQt4JZk6lVPT8lnDlPpGDppw==",
+          "dev": true,
+          "requires": {
+            "punycode": "^2.1.1"
+          }
+        },
+        "webidl-conversions": {
+          "version": "6.1.0",
+          "resolved": "https://registry.npmjs.org/webidl-conversions/-/webidl-conversions-6.1.0.tgz",
+          "integrity": "sha512-qBIvFLGiBpLjfwmYAaHPXsn+ho5xZnGvyGvsarywGNc8VyQJUMHJ8OBKGGrPER0okBeMDaan4mNBlgBROxuI8w==",
+          "dev": true
+        },
+        "whatwg-url": {
+          "version": "8.7.0",
+          "resolved": "https://registry.npmjs.org/whatwg-url/-/whatwg-url-8.7.0.tgz",
+          "integrity": "sha512-gAojqb/m9Q8a5IV96E3fHJM70AzCkgt4uXYX2O7EmuyOnLrViCQlsEBmF9UQIu3/aeAIp2U17rtbpZWNntQqdg==",
+          "dev": true,
+          "requires": {
+            "lodash": "^4.7.0",
+            "tr46": "^2.1.0",
+            "webidl-conversions": "^6.1.0"
+          }
+        }
+      }
+    },
     "ua-parser-js": {
       "version": "1.0.35",
       "resolved": "https://registry.npmjs.org/ua-parser-js/-/ua-parser-js-1.0.35.tgz",
diff --git a/package.json b/package.json
index 6a7449ac1d..5173ae781e 100644
--- a/package.json
+++ b/package.json
@@ -39,6 +39,7 @@
     "astro": "^2.4.1",
     "eslint": "8.47.0",
     "extract-zip": "^2.0.1",
+    "fake-indexeddb": "^4.0.2",
     "html-minifier-terser": "^7.2.0",
     "prettier": "2.8.0",
     "prettier-plugin-organize-imports": "^3.2.2",
diff --git a/scripts/update-dapps b/scripts/update-dapps
index 4f4bd27b8a..6a8ba3776d 100755
--- a/scripts/update-dapps
+++ b/scripts/update-dapps
@@ -132,7 +132,7 @@ function update() {
             echo "converting '$old' -> '$new'"
             # if the file is a huge SVG (surprising, but why not)
             # then convert it to a raster webp (with transparency)
-            convert -background none -size 256x256 "$old" "$new"
+            convert -background none -resize 256x256 "$old" "$new"
             dapps_json_tmp=$(mktemp)
             jq <"$DAPPS_JSON" \
                 --arg old "$(basename "$old")" --arg new "$(basename "$new")" \
@@ -142,6 +142,24 @@ function update() {
         fi
     done < <(find "$II_LOGO_PREFIX" -mindepth 1 -type f -size +20k)
 
+    # This goes through all logos ending in jpg or jpeg and converts them to webp
+    while read -r jpg_logo
+    do
+        echo "found JPG logo '$jpg_logo'"
+        old="$jpg_logo"
+        new="${jpg_logo%.*}.webp"
+
+        echo "converting '$old' -> '$new'"
+        # convert to webp
+        convert "$old" "$new"
+        dapps_json_tmp=$(mktemp)
+        jq <"$DAPPS_JSON" \
+            --arg old "$(basename "$old")" --arg new "$(basename "$new")" \
+            '[ .[] | .logo |= sub("^" + $old + "$"; $new) ]' > "$dapps_json_tmp"
+        mv "$dapps_json_tmp" "$DAPPS_JSON"
+        rm "$old"
+    done < <(find "$II_LOGO_PREFIX" -mindepth 1 -type f \( -name \*.jpg -o -name \*.jpeg \) )
+
     # Remove logos that are still too big
     # This goes through all logos bigger than a certain size and removes them
     while read -r big_logo
diff --git a/src/frontend/assets/icons/arth_logo.png b/src/frontend/assets/icons/arth_logo.png
new file mode 100644
index 0000000000..c000febe9d
Binary files /dev/null and b/src/frontend/assets/icons/arth_logo.png differ
diff --git a/src/frontend/assets/icons/bink_logo.png b/src/frontend/assets/icons/bink_logo.png
deleted file mode 100644
index 3d38913278..0000000000
Binary files a/src/frontend/assets/icons/bink_logo.png and /dev/null differ
diff --git a/src/frontend/assets/icons/cyqlio_logo.svg b/src/frontend/assets/icons/cyqlio_logo.svg
new file mode 100644
index 0000000000..c0bfcc3bed
--- /dev/null
+++ b/src/frontend/assets/icons/cyqlio_logo.svg
@@ -0,0 +1 @@
+<svg fill="none" height="48" viewBox="0 0 48 48" width="48" xmlns="http://www.w3.org/2000/svg"><rect fill="#6200ea" height="48" rx="24" width="48"/><path d="m29.6816 23.0481c.0526.3104.0956.6256.0956.9519 0 3.1788-2.5802 5.7558-5.7629 5.7558-3.1826 0-5.7629-2.577-5.7629-5.7558s2.5803-5.7543 5.7629-5.7543c1.3005 0 2.4878.4473 3.452 1.1732l2.1962-7.0818c-1.7133-.8309-3.613-1.3371-5.6466-1.3371-7.1892 0-13.0159 5.8211-13.0159 13s5.8267 13 13.0159 13c7.0809 0 12.8136-5.654 12.9841-12.6864z" fill="#fff"/></svg>
\ No newline at end of file
diff --git a/src/frontend/assets/icons/d-vote_logo.webp b/src/frontend/assets/icons/d-vote_logo.webp
new file mode 100644
index 0000000000..9f803d2d7c
Binary files /dev/null and b/src/frontend/assets/icons/d-vote_logo.webp differ
diff --git a/src/frontend/assets/icons/departurelabs_logo.webp b/src/frontend/assets/icons/departurelabs_logo.webp
deleted file mode 100644
index f1d52ccf02..0000000000
Binary files a/src/frontend/assets/icons/departurelabs_logo.webp and /dev/null differ
diff --git a/src/frontend/assets/icons/dsign_logo.webp b/src/frontend/assets/icons/dsign_logo.webp
new file mode 100644
index 0000000000..c23b77b7d5
Binary files /dev/null and b/src/frontend/assets/icons/dsign_logo.webp differ
diff --git a/src/frontend/assets/icons/hot_or_not_logo.webp b/src/frontend/assets/icons/hot_or_not_logo.webp
index 9becbb23d7..3daf99fd03 100644
Binary files a/src/frontend/assets/icons/hot_or_not_logo.webp and b/src/frontend/assets/icons/hot_or_not_logo.webp differ
diff --git a/src/frontend/assets/icons/ichub_logo.png b/src/frontend/assets/icons/ichub_logo.png
new file mode 100644
index 0000000000..325caa574f
Binary files /dev/null and b/src/frontend/assets/icons/ichub_logo.png differ
diff --git a/src/frontend/assets/icons/joined-africa_logo.webp b/src/frontend/assets/icons/joined-africa_logo.webp
new file mode 100644
index 0000000000..b6764aa2ac
Binary files /dev/null and b/src/frontend/assets/icons/joined-africa_logo.webp differ
diff --git a/src/frontend/assets/icons/metaforo-icp_logo.png b/src/frontend/assets/icons/metaforo-icp_logo.png
new file mode 100644
index 0000000000..2962fb3cab
Binary files /dev/null and b/src/frontend/assets/icons/metaforo-icp_logo.png differ
diff --git a/src/frontend/assets/icons/motokopilot_logo.png b/src/frontend/assets/icons/motokopilot_logo.png
new file mode 100644
index 0000000000..3ef332e02f
Binary files /dev/null and b/src/frontend/assets/icons/motokopilot_logo.png differ
diff --git a/src/frontend/assets/icons/nobleblocks_logo.webp b/src/frontend/assets/icons/nobleblocks_logo.webp
new file mode 100644
index 0000000000..77a115aa03
Binary files /dev/null and b/src/frontend/assets/icons/nobleblocks_logo.webp differ
diff --git a/src/frontend/assets/icons/oisy_logo.svg b/src/frontend/assets/icons/oisy_logo.svg
new file mode 100644
index 0000000000..65cb79bbfb
--- /dev/null
+++ b/src/frontend/assets/icons/oisy_logo.svg
@@ -0,0 +1,48 @@
+<svg width="43" height="44" viewBox="0 0 43 44" fill="none" xmlns="http://www.w3.org/2000/svg">
+<g clip-path="url(#clip0_321_21736)">
+<rect y="0.791016" width="42.4169" height="42.4171" rx="21.2084" fill="#1E005D"/>
+<g filter="url(#filter0_f_321_21736)">
+<path d="M6.68873 -76.2627C6.68874 -130.072 86.235 -144.569 137.928 -144.569C189.621 -144.569 231.527 -100.948 231.527 -47.1383C231.527 6.67095 189.621 50.292 137.928 50.292C86.235 50.292 6.68873 -22.4534 6.68873 -76.2627Z" fill="#FEE7C3"/>
+</g>
+<g filter="url(#filter1_b_321_21736)">
+<path d="M11.2237 20.6519L19.0962 38.7242L34.9456 27.0762L25.6344 62.786L1.63161 56.3544L11.2237 20.6519Z" fill="#FCFAF6"/>
+</g>
+<path d="M11.2237 20.6519L19.1319 38.5912L34.9457 27.0756L25.7199 62.4672L1.71702 56.0356L11.2237 20.6519Z" fill="url(#paint0_linear_321_21736)"/>
+<path d="M28.8574 2.34668L25.0882 16.4138L35.5542 24.9124L28.8574 2.34668Z" fill="#D7CAF1"/>
+<path d="M28.8574 2.34639L11.7735 18.54L25.0882 16.4135L28.8574 2.34639Z" fill="white"/>
+<path d="M21.2222 30.8423L18.6611 40.4007L34.969 27.1284L21.2222 30.8423Z" fill="#F9F8FB"/>
+<path d="M21.2222 30.8423L18.6611 40.4007L34.969 27.1284L21.2222 30.8423Z" fill="#C9BFEC"/>
+<path d="M18.6611 40.4004L21.2226 30.8405L11.1804 20.7539L18.6611 40.4004Z" fill="white"/>
+<path d="M21.8149 28.6301L35.5542 24.9125L25.0874 16.417L21.8149 28.6301Z" fill="#B199E3"/>
+<path d="M11.7736 18.5411L21.8149 28.6308L25.0874 16.4177L11.7736 18.5411Z" fill="#D7CBF1"/>
+<g filter="url(#filter2_f_321_21736)">
+<path d="M-165.589 -51.5672C-165.589 -87.9459 -111.765 -97.7466 -76.787 -97.7466C-41.8093 -97.7466 -13.4543 -68.2559 -13.4543 -31.8772C-13.4543 4.50146 -41.8093 33.9922 -76.787 33.9922C-111.765 33.9922 -165.589 -15.1885 -165.589 -51.5672Z" fill="#9275B4"/>
+</g>
+</g>
+<defs>
+<filter id="filter0_f_321_21736" x="-129.577" y="-280.834" width="497.369" height="467.392" filterUnits="userSpaceOnUse" color-interpolation-filters="sRGB">
+<feFlood flood-opacity="0" result="BackgroundImageFix"/>
+<feBlend mode="normal" in="SourceGraphic" in2="BackgroundImageFix" result="shape"/>
+<feGaussianBlur stdDeviation="68.1329" result="effect1_foregroundBlur_321_21736"/>
+</filter>
+<filter id="filter1_b_321_21736" x="-2.92696" y="16.0938" width="42.4311" height="51.2509" filterUnits="userSpaceOnUse" color-interpolation-filters="sRGB">
+<feFlood flood-opacity="0" result="BackgroundImageFix"/>
+<feGaussianBlur in="BackgroundImageFix" stdDeviation="2.27928"/>
+<feComposite in2="SourceAlpha" operator="in" result="effect1_backgroundBlur_321_21736"/>
+<feBlend mode="normal" in="SourceGraphic" in2="effect1_backgroundBlur_321_21736" result="shape"/>
+</filter>
+<filter id="filter2_f_321_21736" x="-294.613" y="-226.772" width="410.184" height="389.788" filterUnits="userSpaceOnUse" color-interpolation-filters="sRGB">
+<feFlood flood-opacity="0" result="BackgroundImageFix"/>
+<feBlend mode="normal" in="SourceGraphic" in2="BackgroundImageFix" result="shape"/>
+<feGaussianBlur stdDeviation="64.5122" result="effect1_foregroundBlur_321_21736"/>
+</filter>
+<linearGradient id="paint0_linear_321_21736" x1="6.1732" y1="55.2442" x2="14.4199" y2="25.1623" gradientUnits="userSpaceOnUse">
+<stop offset="0.0596422" stop-color="#ED1E79" stop-opacity="0"/>
+<stop offset="0.578033" stop-color="#ED1E79" stop-opacity="0.62"/>
+<stop offset="1" stop-color="#522785"/>
+</linearGradient>
+<clipPath id="clip0_321_21736">
+<rect y="0.791016" width="42.4169" height="42.4171" rx="21.2084" fill="white"/>
+</clipPath>
+</defs>
+</svg>
diff --git a/src/frontend/assets/icons/rakeoff_logo.webp b/src/frontend/assets/icons/rakeoff_logo.webp
new file mode 100644
index 0000000000..e4f3ccb823
Binary files /dev/null and b/src/frontend/assets/icons/rakeoff_logo.webp differ
diff --git a/src/frontend/assets/icons/signals_logo.webp b/src/frontend/assets/icons/signals_logo.webp
new file mode 100644
index 0000000000..216b98a8e5
Binary files /dev/null and b/src/frontend/assets/icons/signals_logo.webp differ
diff --git a/src/frontend/assets/icons/vibeverse_logo.png b/src/frontend/assets/icons/vibeverse_logo.png
new file mode 100644
index 0000000000..9af743bc66
Binary files /dev/null and b/src/frontend/assets/icons/vibeverse_logo.png differ
diff --git a/src/frontend/src/components/authenticateBox.ts b/src/frontend/src/components/authenticateBox.ts
index 6b2ab52afa..ff1c2f4129 100644
--- a/src/frontend/src/components/authenticateBox.ts
+++ b/src/frontend/src/components/authenticateBox.ts
@@ -1,4 +1,12 @@
+import { withLoader } from "$src/components/loader";
+import {
+  PinIdentityMaterial,
+  pinIdentityToDerPubkey,
+  reconstructPinIdentity,
+} from "$src/crypto/pinIdentity";
 import { registerTentativeDevice } from "$src/flows/addDevice/welcomeView/registerTentativeDevice";
+import { idbRetrievePinIdentityMaterial } from "$src/flows/pin/idb";
+import { usePin } from "$src/flows/pin/usePin";
 import { useRecovery } from "$src/flows/recovery/useRecovery";
 import { getRegisterFlowOpts, registerFlow } from "$src/flows/register";
 import { I18n } from "$src/i18n";
@@ -9,7 +17,12 @@ import {
   LoginFlowSuccess,
   apiResultToLoginFlowResult,
 } from "$src/utils/flowResult";
-import { Connection, LoginResult } from "$src/utils/iiConnection";
+import {
+  AuthenticatedConnection,
+  Connection,
+  LoginResult,
+  bufferEqual,
+} from "$src/utils/iiConnection";
 import { TemplateElement, withRef } from "$src/utils/lit-html";
 import {
   getAnchors,
@@ -30,10 +43,10 @@ import {
   secureIcon,
   signInIcon,
 } from "./icons";
-import { withLoader } from "./loader";
 import { mainWindow } from "./mainWindow";
 import { promptUserNumber } from "./promptUserNumber";
 
+import { DerEncodedPublicKey } from "@dfinity/agent";
 import copyJson from "./authenticateBox.json";
 
 /** Template used for rendering specific authentication screens. See `authnScreens` below
@@ -62,13 +75,17 @@ export const authenticateBox = async ({
   templates: AuthnTemplates;
 }): Promise<LoginData & { newAnchor: boolean }> => {
   const promptAuth = () =>
-    authenticateBoxFlow({
+    authenticateBoxFlow<AuthenticatedConnection, PinIdentityMaterial>({
       i18n,
       templates,
       addDevice: (userNumber) => asNewDevice(connection, userNumber),
-      login: (userNumber) => login({ connection, userNumber }),
+      loginPasskey: (userNumber) => loginPasskey({ connection, userNumber }),
+      loginPinIdentityMaterial: (opts) =>
+        loginPinIdentityMaterial({ ...opts, connection }),
       recover: () => useRecovery(connection),
       registerFlowOpts: getRegisterFlowOpts({ connection }),
+      retrievePinIdentityMaterial: ({ userNumber }) =>
+        retrievePinIdentityWithCheck(connection, userNumber),
     });
 
   // Retry until user has successfully authenticated
@@ -84,19 +101,37 @@ export const authenticateBox = async ({
 
 /** Authentication box component which authenticates a user
  * to II or to another dapp */
-export const authenticateBoxFlow = async <T>({
+export const authenticateBoxFlow = async <T, I>({
   i18n,
   templates,
   addDevice,
-  login,
+  loginPasskey,
+  loginPinIdentityMaterial,
   recover,
   registerFlowOpts,
+  retrievePinIdentityMaterial,
 }: {
   i18n: I18n;
   templates: AuthnTemplates;
   addDevice: (userNumber?: bigint) => Promise<{ alias: string }>;
-  login: (userNumber: bigint) => Promise<LoginFlowSuccess<T> | LoginFlowError>;
+  loginPasskey: (
+    userNumber: bigint
+  ) => Promise<LoginFlowSuccess<T> | LoginFlowError>;
+  loginPinIdentityMaterial: ({
+    userNumber,
+    pin,
+    pinIdentityMaterial,
+  }: {
+    userNumber: bigint;
+    pin: string;
+    pinIdentityMaterial: I;
+  }) => Promise<LoginFlowResult<T> | { tag: "err"; message: string }>;
   recover: () => Promise<LoginFlowResult<T>>;
+  retrievePinIdentityMaterial: ({
+    userNumber,
+  }: {
+    userNumber: bigint;
+  }) => Promise<I | undefined>;
   registerFlowOpts: Parameters<typeof registerFlow<T>>[0];
 }): Promise<LoginFlowResult<T> & { newAnchor: boolean }> => {
   const pages = authnScreens(i18n, { ...templates });
@@ -120,14 +155,62 @@ export const authenticateBoxFlow = async <T>({
     };
   };
 
+  const doLogin = async ({
+    userNumber,
+  }: {
+    userNumber: bigint;
+  }): Promise<LoginFlowResult<T> & { newAnchor: boolean }> => {
+    const pinIdentityMaterial = await retrievePinIdentityMaterial({
+      userNumber,
+    });
+
+    if (pinIdentityMaterial === undefined) {
+      // this user number does not have a browser storage identity
+      const result = await withLoader(() => loginPasskey(userNumber));
+      return { newAnchor: false, ...result };
+    }
+
+    // Otherwise, attempt login with PIN
+    const result = await usePin({
+      verifyPin: async (pin) => {
+        const result = await loginPinIdentityMaterial({
+          userNumber,
+          pin,
+          pinIdentityMaterial,
+        });
+        if (result.tag === "err") {
+          return { ok: false, error: result.message };
+        }
+        return { ok: true, value: result };
+      },
+    });
+
+    if (result.kind === "canceled") {
+      return {
+        newAnchor: false,
+        tag: "canceled",
+      } as const;
+    }
+
+    if (result.kind === "passkey") {
+      // User still decided to use a passkey
+      const result = await withLoader(() => loginPasskey(userNumber));
+      return { newAnchor: false, ...result };
+    }
+
+    result satisfies { kind: "pin" };
+    const { result: pinResult } = result;
+
+    return { newAnchor: false, ...pinResult };
+  };
+
   // Prompt for an identity number
   const doPrompt = async (): Promise<
     LoginFlowResult<T> & { newAnchor: boolean }
   > => {
     const result = await pages.useExisting();
     if (result.tag === "submit") {
-      const result2 = await withLoader(() => login(result.userNumber));
-      return { newAnchor: false, ...result2 };
+      return doLogin({ userNumber: result.userNumber });
     }
 
     if (result.tag === "add_device") {
@@ -159,8 +242,7 @@ export const authenticateBoxFlow = async <T>({
     const result = await pages.pick({ anchors });
 
     if (result.tag === "pick") {
-      const result1 = await withLoader(() => login(result.userNumber));
-      return { newAnchor: false, ...result1 };
+      return doLogin({ userNumber: result.userNumber });
     }
 
     result satisfies { tag: "more_options" };
@@ -437,7 +519,7 @@ const page = (slot: TemplateResult) => {
   render(template, container);
 };
 
-const login = ({
+const loginPasskey = ({
   connection,
   userNumber,
 }: {
@@ -448,6 +530,36 @@ const login = ({
     login: () => connection.login(userNumber),
   });
 
+const loginPinIdentityMaterial = ({
+  connection,
+  userNumber,
+  pin,
+  pinIdentityMaterial,
+}: {
+  connection: Connection;
+  userNumber: bigint;
+  pin: string;
+  pinIdentityMaterial: PinIdentityMaterial;
+}): Promise<LoginFlowResult | { tag: "err"; message: string }> => {
+  return withLoader(async () => {
+    try {
+      const identity = await reconstructPinIdentity({
+        pin,
+        pinIdentityMaterial,
+      });
+      return handleLogin({
+        login: () => connection.fromIdentity(userNumber, identity),
+      });
+    } catch {
+      // We handle all exceptions as wrong PIN because there is no nice way to check for that particular failure.
+      // The best we could do is check that the error is a DOMException and that the name is "OperationError". However,
+      // the "OperationError" names is still marked as experimental, so we should not rely on that.
+      // See https://developer.mozilla.org/en-US/docs/Web/API/DOMException
+      return { tag: "err", message: "Invalid PIN" };
+    }
+  });
+};
+
 // Register this device as a new device with the anchor
 const asNewDevice = async (
   connection: Connection,
@@ -475,3 +587,28 @@ const asNewDevice = async (
     connection
   );
 };
+
+// Retrieve the PIN identity material from the browser storage and check that it is still valid for the given user number.
+const retrievePinIdentityWithCheck = async (
+  connection: Connection,
+  userNumber: bigint
+): Promise<PinIdentityMaterial | undefined> => {
+  const [pinIdentity, authenticators] = await Promise.all([
+    idbRetrievePinIdentityMaterial({ userNumber }),
+    connection.lookupAuthenticators(userNumber),
+  ]);
+  if (nonNullish(pinIdentity)) {
+    const pinPubkeyDer = await pinIdentityToDerPubkey(pinIdentity);
+    // Check that the authenticator is still present on the identity.
+    const authenticator = authenticators.find((authenticator) =>
+      bufferEqual(
+        new Uint8Array(authenticator.pubkey).buffer as DerEncodedPublicKey,
+        pinPubkeyDer
+      )
+    );
+    if (nonNullish(authenticator)) {
+      return pinIdentity;
+    }
+  }
+  return undefined;
+};
diff --git a/src/frontend/src/components/icons.ts b/src/frontend/src/components/icons.ts
index e909f78dac..3079675369 100644
--- a/src/frontend/src/components/icons.ts
+++ b/src/frontend/src/components/icons.ts
@@ -541,21 +541,28 @@ export const verifyIcon = html`
   </svg>
 `;
 
-export const hackerIcon = html`
-  <svg
-    width="53"
-    height="53"
-    viewBox="0 0 53 53"
-    fill="none"
-    xmlns="http://www.w3.org/2000/svg"
-  >
-    <path
-      d="M39.75 19.875C39.75 20.7892 39.008 21.5312 38.0938 21.5312H14.9062C13.992 21.5312 13.25 20.7892 13.25 19.875C13.25 18.9607 13.992 18.2187 14.9062 18.2187H17.7285C18.2585 15.7526 19.3417 11.2824 20.4282 10.2224C21.5876 9.08784 24.9348 11.7047 26.5 11.7047C28.0652 11.7047 31.4124 9.0895 32.5735 10.2224C33.66 11.2824 34.7415 15.7526 35.2732 18.2187H38.0938C39.008 18.2187 39.75 18.9607 39.75 19.875ZM36.4375 27.3281C36.4375 29.6154 34.5842 31.4687 32.2969 31.4687C30.4452 31.4687 28.8966 30.2448 28.3666 28.5703H24.6334C24.1034 30.2464 22.5548 31.4687 20.7031 31.4687C18.4158 31.4687 16.5625 29.6154 16.5625 27.3281C16.5625 25.0408 18.4158 23.1875 20.7031 23.1875C22.5532 23.1875 24.1018 24.4098 24.6334 26.0859H28.3683C28.8983 24.4098 30.4468 23.1875 32.2969 23.1875C34.5842 23.1875 36.4375 25.0408 36.4375 27.3281Z"
-      fill="black"
-    />
+export const hackerIcon = html` <svg
+  width="53"
+  height="53"
+  viewBox="0 0 53 53"
+  fill="none"
+  xmlns="http://www.w3.org/2000/svg"
+>
+  <path
+    d="M39.75 19.875C39.75 20.7892 39.008 21.5312 38.0938 21.5312H14.9062C13.992 21.5312 13.25 20.7892 13.25 19.875C13.25 18.9607 13.992 18.2187 14.9062 18.2187H17.7285C18.2585 15.7526 19.3417 11.2824 20.4282 10.2224C21.5876 9.08784 24.9348 11.7047 26.5 11.7047C28.0652 11.7047 31.4124 9.0895 32.5735 10.2224C33.66 11.2824 34.7415 15.7526 35.2732 18.2187H38.0938C39.008 18.2187 39.75 18.9607 39.75 19.875ZM36.4375 27.3281C36.4375 29.6154 34.5842 31.4687 32.2969 31.4687C30.4452 31.4687 28.8966 30.2448 28.3666 28.5703H24.6334C24.1034 30.2464 22.5548 31.4687 20.7031 31.4687C18.4158 31.4687 16.5625 29.6154 16.5625 27.3281C16.5625 25.0408 18.4158 23.1875 20.7031 23.1875C22.5532 23.1875 24.1018 24.4098 24.6334 26.0859H28.3683C28.8983 24.4098 30.4468 23.1875 32.2969 23.1875C34.5842 23.1875 36.4375 25.0408 36.4375 27.3281Z"
+    fill="black"
+  />
+  <path
+    d="M46.375 3.3125H6.625C4.79484 3.3125 3.3125 4.79484 3.3125 6.625V38.0938C3.3125 39.9239 4.79484 41.4062 6.625 41.4062H46.375C48.2052 41.4062 49.6875 39.9239 49.6875 38.0938V6.625C49.6875 4.79484 48.2052 3.3125 46.375 3.3125ZM46.375 6.625L46.3767 34.7812H6.625V6.625H46.375ZM36.4375 47.2031V48.8594C36.4375 49.3165 36.0665 49.6875 35.6094 49.6875H17.3906C16.9335 49.6875 16.5625 49.3165 16.5625 48.8594V47.2031C16.5625 46.746 16.9335 46.375 17.3906 46.375H20.0721C20.781 45.5866 21.3093 44.7651 21.6588 43.8906H31.3412C31.6907 44.7651 32.219 45.5866 32.9279 46.375H35.6094C36.0665 46.375 36.4375 46.746 36.4375 47.2031Z"
+    fill="black"
+  />
+</svg>`;
+
+export const cypherIcon = html`
+  <svg viewBox="0 0 24 24" xmlns="http://www.w3.org/2000/svg">
     <path
-      d="M46.375 3.3125H6.625C4.79484 3.3125 3.3125 4.79484 3.3125 6.625V38.0938C3.3125 39.9239 4.79484 41.4062 6.625 41.4062H46.375C48.2052 41.4062 49.6875 39.9239 49.6875 38.0938V6.625C49.6875 4.79484 48.2052 3.3125 46.375 3.3125ZM46.375 6.625L46.3767 34.7812H6.625V6.625H46.375ZM36.4375 47.2031V48.8594C36.4375 49.3165 36.0665 49.6875 35.6094 49.6875H17.3906C16.9335 49.6875 16.5625 49.3165 16.5625 48.8594V47.2031C16.5625 46.746 16.9335 46.375 17.3906 46.375H20.0721C20.781 45.5866 21.3093 44.7651 21.6588 43.8906H31.3412C31.6907 44.7651 32.219 45.5866 32.9279 46.375H35.6094C36.0665 46.375 36.4375 46.746 36.4375 47.2031Z"
-      fill="black"
+      d="M13.4757 5V9.89326L18.1297 8.35955L19 10.9888L14.3081 12.486L17.4108 16.3202L15.1027 18L11.9622 14.0197L9.01081 17.9635L6.7027 16.2837L9.69189 12.486L5 10.9888L5.87027 8.35955L10.4865 9.92978V5H13.4757Z"
+      fill="currentColor"
     />
   </svg>
 `;
diff --git a/src/frontend/src/components/pinInput.test.ts b/src/frontend/src/components/pinInput.test.ts
index 3ca8d1c3fd..bd3841c556 100644
--- a/src/frontend/src/components/pinInput.test.ts
+++ b/src/frontend/src/components/pinInput.test.ts
@@ -58,7 +58,7 @@ describe("pin input", () => {
     );
   });
 
-  test("writing to all chars triggers autosubmit only once", () => {
+  test("writing to all chars triggers submit on every dispatch", () => {
     const onSubmit: (pin: string) => void = vi.fn();
 
     render(pinInputId({ onSubmit }).template, document.body);
@@ -70,8 +70,8 @@ describe("pin input", () => {
     }
 
     expect(onSubmit).toHaveBeenCalledOnce();
-    dispatchInput(inputs[0], "a"); // after an extra dispatch, the submit should still only have been called once
-    expect(onSubmit).toHaveBeenCalledOnce();
+    dispatchInput(inputs[0], "a"); // after an extra dispatch the value should be submitted again
+    expect(onSubmit).toHaveBeenCalledTimes(2);
   });
 
   test("writing to all chars removes focus", () => {
diff --git a/src/frontend/src/components/pinInput.ts b/src/frontend/src/components/pinInput.ts
index f0e4852f17..d8e0e672e6 100644
--- a/src/frontend/src/components/pinInput.ts
+++ b/src/frontend/src/components/pinInput.ts
@@ -1,4 +1,5 @@
 import { toast } from "$src/components/toast";
+import type { DynamicKey } from "$src/utils/i18n";
 import { mount, withRef } from "$src/utils/lit-html";
 import { Chan, withInputElement, zip } from "$src/utils/utils";
 import { isNullish, nonNullish } from "@dfinity/utils";
@@ -8,7 +9,7 @@ import { Ref, createRef, ref } from "lit-html/directives/ref.js";
 
 export type PinResult<T> =
   | { ok: true; value: T }
-  | { ok: false; error: string };
+  | { ok: false; error: string | DynamicKey };
 
 // A Pin Input component
 export const pinInput = <T>({
@@ -39,7 +40,7 @@ export const pinInput = <T>({
   const listRoot: Ref<HTMLUListElement> = createRef();
 
   // A currently displayed error, if any
-  const currentError = new Chan<string | undefined>(undefined);
+  const currentError = new Chan<string | DynamicKey | undefined>(undefined);
   const hasError = currentError.map((e) => nonNullish(e));
 
   // Called on submission, either autosubmit (when filled) or when '.submit()' is called
@@ -55,17 +56,6 @@ export const pinInput = <T>({
     onSubmit_(result.value);
   };
 
-  // We autosubmit only once
-  let didAutosubmit = false;
-  const autosubmit = (pin: string) => {
-    if (didAutosubmit) {
-      return;
-    }
-
-    didAutosubmit = true;
-    onSubmit(pin);
-  };
-
   const errorMessage = currentError.map((currentError) =>
     nonNullish(currentError)
       ? html`<p class="t-centered t-error c-input--stack">${currentError}</p>`
@@ -88,7 +78,7 @@ export const pinInput = <T>({
   const onInput_ = (evnt: InputEvent, element: HTMLInputElement) =>
     withInputs((inputs) => {
       currentError.send(undefined);
-      onInput({ element, evnt, inputs, onFilled: autosubmit });
+      onInput({ element, evnt, inputs, onFilled: onSubmit });
     });
   const onPaste_ = (evnt: ClipboardEvent, element: HTMLInputElement) =>
     withInputs((inputs) => {
@@ -123,7 +113,7 @@ export const pinInput = <T>({
           /* XXX: we use a special class/font for the 'secret' PIN input instead of setting
            * type="password", otherwise the browser tries to save one char as a password */
           (_, ix) => html`
-            <li class="c-list--pin-char c-input--anchor">
+            <li class="c-list__item--pin c-input--anchor">
               <label class="c-input--anchor__wrap">
                 <input
                   ${
diff --git a/src/frontend/src/components/warnBox.ts b/src/frontend/src/components/warnBox.ts
index 0c0b9ac2fe..f267f0faef 100644
--- a/src/frontend/src/components/warnBox.ts
+++ b/src/frontend/src/components/warnBox.ts
@@ -9,6 +9,7 @@ import { warningIcon } from "./icons";
 
 interface warnBoxProps {
   title: TemplateElement;
+  headerSlot?: TemplateElement;
   message: TemplateElement;
   slot?: TemplateResult;
   htmlElement?: "div" | "aside";
@@ -17,6 +18,7 @@ interface warnBoxProps {
 
 export const warnBox = ({
   title,
+  headerSlot,
   message,
   slot,
   htmlElement = "aside",
@@ -28,7 +30,10 @@ export const warnBox = ({
   }
   const contents: TemplateResult = html`
     <span class="c-card__label c-card__label--hasIcon" aria-hidden="true">
-      <i class="c-card__icon c-icon c-icon--error__flipped">${warningIcon}</i>
+      <i class="c-card__icon c-icon c-icon--error__flipped c-icon--inline"
+        >${warningIcon}</i
+      >
+      ${headerSlot}
     </span>
     <h3 class="t-title c-card__title">${title}</h3>
     <div data-role="warning-message" class="t-paragraph c-card__paragraph">
diff --git a/src/frontend/src/crypto/pinIdentity.ts b/src/frontend/src/crypto/pinIdentity.ts
index 0b77645170..81302c90a9 100644
--- a/src/frontend/src/crypto/pinIdentity.ts
+++ b/src/frontend/src/crypto/pinIdentity.ts
@@ -1,4 +1,4 @@
-import { SignIdentity } from "@dfinity/agent";
+import { DerEncodedPublicKey, SignIdentity } from "@dfinity/agent";
 import { ECDSAKeyIdentity } from "@dfinity/identity";
 import { z } from "zod";
 
@@ -236,3 +236,12 @@ export const generateBrowserKey = async (): Promise<CryptoKey> => {
   );
   return key;
 };
+
+export const pinIdentityToDerPubkey = async (
+  pinIdentity: PinIdentityMaterial
+): Promise<DerEncodedPublicKey> => {
+  return (await crypto.subtle.exportKey(
+    "spki",
+    pinIdentity.publicKey
+  )) as DerEncodedPublicKey;
+};
diff --git a/src/frontend/src/flows/addDevice/manage/addFIDODevice.ts b/src/frontend/src/flows/addDevice/manage/addFIDODevice.ts
index 2c38fa5bd9..5ff2e927e0 100644
--- a/src/frontend/src/flows/addDevice/manage/addFIDODevice.ts
+++ b/src/frontend/src/flows/addDevice/manage/addFIDODevice.ts
@@ -1,7 +1,7 @@
 import { DeviceData } from "$generated/internet_identity_types";
 import { displayError } from "$src/components/displayError";
 import { withLoader } from "$src/components/loader";
-import { inferAlias, loadUAParser } from "$src/flows/register";
+import { inferPasskeyAlias, loadUAParser } from "$src/flows/register";
 import { authenticatorAttachmentToKeyType } from "$src/utils/authenticatorAttachment";
 import {
   AuthenticatedConnection,
@@ -59,7 +59,7 @@ export const addFIDODevice = async (
     return;
   }
 
-  const deviceName = await inferAlias({
+  const deviceName = await inferPasskeyAlias({
     authenticatorType: newDevice.getAuthenticatorAttachment(),
     userAgent: navigator.userAgent,
     uaParser,
diff --git a/src/frontend/src/flows/addDevice/welcomeView/registerTentativeDevice.ts b/src/frontend/src/flows/addDevice/welcomeView/registerTentativeDevice.ts
index 68048aa85b..eac8fa647d 100644
--- a/src/frontend/src/flows/addDevice/welcomeView/registerTentativeDevice.ts
+++ b/src/frontend/src/flows/addDevice/welcomeView/registerTentativeDevice.ts
@@ -5,7 +5,7 @@ import {
 } from "$generated/internet_identity_types";
 import { displayError } from "$src/components/displayError";
 import { withLoader } from "$src/components/loader";
-import { inferAlias, loadUAParser } from "$src/flows/register";
+import { inferPasskeyAlias, loadUAParser } from "$src/flows/register";
 import { authenticatorAttachmentToKeyType } from "$src/utils/authenticatorAttachment";
 import { Connection, creationOptions } from "$src/utils/iiConnection";
 import { setAnchorUsed } from "$src/utils/userNumber";
@@ -56,7 +56,7 @@ export const registerTentativeDevice = async (
     return window.location.reload() as never;
   }
 
-  const alias = await inferAlias({
+  const alias = await inferPasskeyAlias({
     authenticatorType: result.getAuthenticatorAttachment(),
     userAgent: navigator.userAgent,
     uaParser,
diff --git a/src/frontend/src/flows/dappsExplorer/dapps.json b/src/frontend/src/flows/dappsExplorer/dapps.json
index 8130c25ab0..b436d25aab 100644
--- a/src/frontend/src/flows/dappsExplorer/dapps.json
+++ b/src/frontend/src/flows/dappsExplorer/dapps.json
@@ -5,6 +5,34 @@
     "website": "https://dscvr.one/",
     "logo": "dscvr_logo.webp"
   },
+  {
+    "name": "OpenChat",
+    "oneLiner": "Decentralized alternative to WhatsApp",
+    "website": "https://oc.app/",
+    "logo": "openchat_logo.webp"
+  },
+  {
+    "name": "ICPSwap",
+    "website": "https://icpswap.com",
+    "logo": "icpswap_logo.webp"
+  },
+  {
+    "name": "Funded",
+    "oneLiner": "Fund your favorite projects and get NFT rewards",
+    "website": "https://funded.app/",
+    "logo": "funded_logo.webp"
+  },
+  {
+    "name": "Dmail",
+    "oneLiner": "Web3 Decentralized Email Client",
+    "website": "https://dmail.ai/",
+    "logo": "dmail_logo.webp"
+  },
+  {
+    "name": "ICDex",
+    "website": "https://avjzx-pyaaa-aaaaj-aadmq-cai.raw.ic0.app/ICDex",
+    "logo": "icdex_logo.webp"
+  },
   {
     "name": "distrikt",
     "oneLiner": "Censorship-resistant fully on-chain social media platform",
@@ -16,17 +44,16 @@
     "logo": "distrikt_logo.webp"
   },
   {
-    "name": "Kontribute",
-    "oneLiner": "Web3 storytelling",
-    "website": "https://kontribute.app",
-    "logo": "kontribute_logo.webp"
+    "name": "Hot or Not",
+    "oneLiner": "Token rewards for both content creators and lurkers",
+    "website": "https://hotornot.wtf/",
+    "logo": "hot_or_not_logo.webp"
   },
   {
-    "name": "Juno",
-    "oneLiner": "Build Web3 Apps Like It's Web2",
-    "website": "https://juno.build",
-    "authOrigins": ["https://console.juno.build"],
-    "logo": "juno_logo.svg"
+    "name": "Yumi",
+    "oneLiner": "NFT marketplace for digital and physical assets",
+    "website": "https://tppkg-ziaaa-aaaal-qatrq-cai.raw.ic0.app/",
+    "logo": "yumi_logo.webp"
   },
   {
     "name": "Kinic",
@@ -35,21 +62,9 @@
     "logo": "kinic_logo.webp"
   },
   {
-    "name": "OpenChat",
-    "oneLiner": "Decentralized alternative to WhatsApp",
-    "website": "https://oc.app/",
-    "logo": "openchat_logo.webp"
-  },
-  {
-    "name": "Uniswap Front End on the IC",
-    "website": "https://yrog5-xqaaa-aaaap-qa5za-cai.ic0.app/#/swap",
-    "oneLiner": "Front-End On-Chain",
-    "logo": "uniswapfrontendontheic_logo.webp"
-  },
-  {
-    "name": "Seers",
-    "website": "https://seers.social/",
-    "logo": "seers_logo.webp"
+    "name": "MODCLUB",
+    "website": "https://ljyte-qiaaa-aaaah-qaiva-cai.raw.ic0.app/",
+    "logo": "modclub_logo.webp"
   },
   {
     "name": "TAGGR",
@@ -62,72 +77,79 @@
     "oneLiner": "Blending forums and blogs - controlled by a DAO"
   },
   {
-    "name": "Funded",
-    "oneLiner": "Fund your favorite projects and get NFT rewards",
-    "website": "https://funded.app/",
-    "logo": "funded_logo.webp"
+    "name": "Catalyze",
+    "website": "https://aqs24-xaaaa-aaaal-qbbea-cai.ic0.app/",
+    "oneLiner": "Manage your Web3 communities and events",
+    "logo": "catalyze_logo.webp"
   },
   {
-    "name": "Content Fly",
-    "website": "https://contentfly.app/",
-    "logo": "contentfly_logo.webp"
+    "name": "Juno",
+    "oneLiner": "Build Web3 dApps like Web2",
+    "website": "https://juno.build",
+    "authOrigins": ["https://console.juno.build"],
+    "logo": "juno_logo.svg"
   },
   {
-    "name": "ICDex",
-    "website": "https://avjzx-pyaaa-aaaaj-aadmq-cai.raw.ic0.app/ICDex",
-    "logo": "icdex_logo.webp"
+    "name": "Arth",
+    "oneLiner": "Arth ckBTC wallet and swap btc<>ckBtc",
+    "website": "https://arth.foo",
+    "logo": "arth_logo.png"
   },
   {
-    "name": "UnfoldVR",
-    "oneLiner": "Decentralizing asset Creation and Discovery for the Metaverse",
-    "website": "https://jmorc-qiaaa-aaaam-aaeda-cai.ic0.app/",
-    "logo": "unfoldvr_logo.webp"
+    "name": "Signals",
+    "website": "https://signalsicp.com/",
+    "logo": "signals_logo.webp",
+    "oneLiner": "A location based app for empowering local communities"
   },
   {
-    "name": "Yumi",
-    "oneLiner": "NFT marketplace for digital and physical assets",
-    "website": "https://tppkg-ziaaa-aaaal-qatrq-cai.raw.ic0.app/",
-    "logo": "yumi_logo.webp"
+    "name": "Canistergeek",
+    "oneLiner": "IC canister management tool",
+    "website": "https://canistergeek.app/",
+    "logo": "canistergeek_logo.webp"
   },
   {
-    "name": "Hot or Not",
-    "oneLiner": "Token rewards for both content creators and lurkers",
-    "website": "https://hotornot.wtf/",
-    "logo": "hot_or_not_logo.webp"
+    "name": "MORA",
+    "oneLiner": "A Web3 space for writers to express autonomy of thought ",
+    "website": "https://mora.app",
+    "logo": "mora_logo.png"
   },
   {
-    "name": "Canlista",
-    "oneLiner": "Internet Computer Canister Registry",
-    "website": "https://k7gat-daaaa-aaaae-qaahq-cai.ic0.app/",
-    "logo": "canlista_logo.webp"
+    "name": "DSocial",
+    "website": "https://DSocial.app ",
+    "logo": "dsocial_logo.webp"
   },
   {
-    "name": "Mission Is Possible",
-    "website": "https://to3ja-iyaaa-aaaai-qapsq-cai.raw.ic0.app/",
-    "oneLiner": "3rd Place DSCVR Hackathon",
-    "logo": "missionispossible_logo.webp"
+    "name": "UnfoldVR",
+    "oneLiner": "Decentralizing asset Creation and Discovery for the Metaverse",
+    "website": "https://jmorc-qiaaa-aaaam-aaeda-cai.ic0.app/",
+    "logo": "unfoldvr_logo.webp"
   },
   {
-    "name": "Catalyze",
-    "website": "https://aqs24-xaaaa-aaaal-qbbea-cai.ic0.app/",
-    "oneLiner": "Manage your Web3 communities and events",
-    "logo": "catalyze_logo.webp"
+    "name": "Seers",
+    "website": "https://seers.social/",
+    "logo": "seers_logo.webp"
   },
   {
-    "name": "ICME",
-    "website": "https://sygsn-caaaa-aaaaf-qaahq-cai.raw.ic0.app/",
-    "logo": "icme_logo.webp"
+    "name": "Nuance",
+    "website": "https://exwqn-uaaaa-aaaaf-qaeaa-cai.ic0.app/",
+    "logo": "nuance_logo.webp"
   },
   {
-    "name": "Saga Tarot",
-    "website": "https://5nl7c-zqaaa-aaaah-qaa7a-cai.raw.ic0.app/",
-    "logo": "sagatarot_logo.webp"
+    "name": "Kontribute",
+    "oneLiner": "Web3 storytelling",
+    "website": "https://kontribute.app",
+    "logo": "kontribute_logo.webp"
   },
   {
     "name": "IC Drive",
     "website": "https://rglue-kyaaa-aaaah-qakca-cai.ic0.app/#/",
     "logo": "icdrive_logo.webp"
   },
+  {
+    "name": "Content Fly",
+    "website": "https://contentfly.app/",
+    "logo": "contentfly_logo.webp"
+  },
   {
     "name": "CrowdGov.org",
     "oneLiner": "The simplified, one stop shop for IC Governance.",
@@ -135,35 +157,43 @@
     "logo": "crowdgovorg_logo.webp"
   },
   {
-    "name": "NNS Dapp",
-    "oneLiner": "Dapp for Staking Neurons + Voting On-Chain",
-    "website": "https://nns.ic0.app",
-    "logo": "nnsfront-enddapp_logo-dark.webp"
+    "name": "Saga Tarot",
+    "website": "https://5nl7c-zqaaa-aaaah-qaa7a-cai.raw.ic0.app/",
+    "logo": "sagatarot_logo.webp"
   },
   {
-    "name": "Tipjar",
-    "website": "https://tipjar.rocks",
-    "logo": "tipjar_logo.webp"
+    "name": "ICME",
+    "website": "https://sygsn-caaaa-aaaaf-qaahq-cai.raw.ic0.app/",
+    "logo": "icme_logo.webp"
   },
   {
-    "name": "aedile",
-    "website": "https://aedile.io",
-    "logo": "aedile_logo.webp"
+    "name": "iKnows",
+    "oneLiner": "Explore unlimited knowledge, with Q&A interaction between you and me!",
+    "website": "https://ffxwx-3yaaa-aaaah-qajua-cai.ic0.app",
+    "logo": "iknows_logo.png"
   },
   {
-    "name": "Rise of the Magni",
-    "website": "https://riseofthemagni.com/",
-    "logo": "riseofthemagni_logo.webp"
+    "name": "Mission Is Possible",
+    "website": "https://to3ja-iyaaa-aaaai-qapsq-cai.raw.ic0.app/",
+    "oneLiner": "3rd Place DSCVR Hackathon",
+    "logo": "missionispossible_logo.webp"
   },
   {
-    "name": "Nuance",
-    "website": "https://exwqn-uaaaa-aaaaf-qaeaa-cai.ic0.app/",
-    "logo": "nuance_logo.webp"
+    "name": "Canlista",
+    "oneLiner": "Internet Computer Canister Registry",
+    "website": "https://k7gat-daaaa-aaaae-qaahq-cai.ic0.app/",
+    "logo": "canlista_logo.webp"
   },
   {
-    "name": "MODCLUB",
-    "website": "https://ljyte-qiaaa-aaaah-qaiva-cai.raw.ic0.app/",
-    "logo": "modclub_logo.webp"
+    "name": "aedile",
+    "website": "https://aedile.io",
+    "logo": "aedile_logo.webp"
+  },
+  {
+    "name": "Uniswap Frontend on ICP",
+    "website": "https://yrog5-xqaaa-aaaap-qa5za-cai.ic0.app/#/swap",
+    "oneLiner": "Front-End On-Chain",
+    "logo": "uniswapfrontendontheic_logo.webp"
   },
   {
     "name": "NFTAnvil",
@@ -171,21 +201,14 @@
     "logo": "nftanvil_logo.webp"
   },
   {
-    "name": "Dbox",
-    "website": "https://dbox.foundation/",
-    "logo": "dbox_logo.webp"
-  },
-  {
-    "name": "Canistergeek",
-    "oneLiner": "IC canister management tool",
-    "website": "https://canistergeek.app/",
-    "logo": "canistergeek_logo.webp"
+    "name": "ICEvent",
+    "website": "https://icevent.app/",
+    "logo": "icevent_logo_112x112.png"
   },
   {
-    "name": "Configeek",
-    "oneLiner": "Remote configuration tool",
-    "website": "https://configeek.app/",
-    "logo": "configeek_logo.webp"
+    "name": "Stoic Wallet",
+    "website": "https://www.stoicwallet.com/",
+    "logo": "stoicwallet_logo.webp"
   },
   {
     "name": "Usergeek",
@@ -194,20 +217,27 @@
     "logo": "usergeek_logo.webp"
   },
   {
-    "name": "ICPSwap",
-    "website": "https://icpswap.com",
-    "logo": "icpswap_logo.webp"
+    "name": "Configeek",
+    "oneLiner": "Remote configuration tool",
+    "website": "https://configeek.app/",
+    "logo": "configeek_logo.webp"
   },
   {
-    "name": "Dmail",
-    "oneLiner": "Web3 Decentralized Email Client",
-    "website": "https://dmail.ai/",
-    "logo": "dmail_logo.webp"
+    "name": "Canister Store",
+    "oneLiner": "Empowering Users to Easily Deploy Canisters on the Internet Computer",
+    "website": "https://canister.app",
+    "logo": "canister-store_logo.png"
   },
   {
-    "name": "DSocial",
-    "website": "https://DSocial.app ",
-    "logo": "dsocial_logo.webp"
+    "name": "cyql.io",
+    "website": "https://cyql.io/",
+    "logo": "cyqlio_logo.svg",
+    "oneLiner": "Curated Internet Computer projects gallery."
+  },
+  {
+    "name": "Dbox",
+    "website": "https://dbox.foundation/",
+    "logo": "dbox_logo.webp"
   },
   {
     "name": "ICNaming",
@@ -215,25 +245,20 @@
     "logo": "icnaming_logo.webp"
   },
   {
-    "name": "Stoic Wallet",
-    "website": "https://www.stoicwallet.com/",
-    "logo": "stoicwallet_logo.webp"
-  },
-  {
-    "name": "Departure Labs",
-    "website": "https://uhmvd-qqaaa-aaaam-aavna-cai.ic0.app/",
-    "logo": "departurelabs_logo.webp"
+    "name": "NNS Dapp",
+    "oneLiner": "Dapp for Staking Neurons + Voting On-Chain",
+    "website": "https://nns.ic0.app",
+    "logo": "nnsfront-enddapp_logo-dark.webp"
   },
   {
-    "name": "MORA",
-    "oneLiner": "A Web3 space for writers to express autonomy of thought ",
-    "website": "https://mora.app",
-    "logo": "mora_logo.png"
+    "name": "Tipjar",
+    "website": "https://tipjar.rocks",
+    "logo": "tipjar_logo.webp"
   },
   {
-    "name": "ICEvent",
-    "website": "https://icevent.app/",
-    "logo": "icevent_logo_112x112.png"
+    "name": "Rise of the Magni",
+    "website": "https://riseofthemagni.com/",
+    "logo": "riseofthemagni_logo.webp"
   },
   {
     "name": "FootballGod",
@@ -251,21 +276,63 @@
     "logo": "blocklist.png"
   },
   {
-    "name": "Bink",
-    "oneLiner": "Superior alternative to Linktree",
-    "website": "https://b.ink",
-    "logo": "bink_logo.png"
+    "name": "Vibeverse",
+    "oneLiner": "A vibrant ecosystem where users can learn about new AI tools, AI content, AI Movies, and more",
+    "website": "https://h5fnl-4iaaa-aaaap-abddq-cai.icp0.io/",
+    "logo": "vibeverse_logo.png"
   },
   {
-    "name": "iKnows",
-    "oneLiner": "Explore unlimited knowledge, with Q&A interaction between you and me!",
-    "website": "https://ffxwx-3yaaa-aaaah-qajua-cai.ic0.app",
-    "logo": "iknows_logo.png"
+    "name": "DSign",
+    "website": "https://www.dsign.ooo",
+    "logo": "dsign_logo.webp",
+    "oneLiner": "Collaborative Product Design Innovation Hub"
   },
   {
-    "name": "Canister Store",
-    "oneLiner": "Empowering Users to Easily Deploy Canisters on the Internet Computer",
-    "website": "https://canister.app",
-    "logo": "canister-store_logo.png"
+    "name": "Metaforo ICP deployment",
+    "oneLiner": "Deploy the frontend of a web3 forum system - metaforo.io on ICP",
+    "website": "https://can1.metaforo.io/",
+    "logo": "metaforo-icp_logo.png"
+  },
+  {
+    "name": "Rakeoff",
+    "website": "https://rakeoff.io/",
+    "logo": "rakeoff_logo.webp",
+    "oneLiner": "Rakeoff is a user-friendly crypto staking rewards platform on ICP."
+  },
+  {
+    "name": "Oisy Wallet",
+    "oneLiner": "A novel Ethereum wallet hosted on the Internet Computer",
+    "website": "https://oisy.com",
+    "logo": "oisy_logo.svg"
+  },
+  {
+    "name": "D-VOTE",
+    "website": "https://7y3zv-rqaaa-aaaag-abswa-cai.icp0.io",
+    "logo": "d-vote_logo.webp",
+    "oneLiner": "Transparent, tamper-proof voting on blockchain."
+  },
+  {
+    "name": "Joined Africa",
+    "oneLiner": "Joined Africa is a marketplace where sellers advertise products in crypto currency, connecting buyers directly with sellers within Africa.",
+    "website": "https://joinedafrica.com",
+    "logo": "joined-africa_logo.webp"
+  },
+  {
+    "name": "IC HUB",
+    "oneLiner": "Your gateway to web3 apps: connect, chat and explore all in one place",
+    "website": "https://md7ke-jyaaa-aaaak-qbrya-cai.ic0.app/",
+    "logo": "ichub_logo.png"
+  },
+  {
+    "name": "MotokoPilot",
+    "website": "https://d7dm6-sqaaa-aaaag-qcgma-cai.icp0.io/",
+    "oneLiner": "Your AI-powered companion for simplifying and streamlining the Motoko coding experience.",
+    "logo": "motokopilot_logo.png"
+  },
+  {
+    "name": "NOBLEBLOCKS",
+    "website": "https://www.nobleblocks.com",
+    "logo": "nobleblocks_logo.webp",
+    "oneLiner": "A Community-Driven DeSci Project for Scientific Publishing"
   }
 ]
diff --git a/src/frontend/src/flows/manage/authenticatorsSection.ts b/src/frontend/src/flows/manage/authenticatorsSection.ts
index 8f506e65ba..7e43fd8523 100644
--- a/src/frontend/src/flows/manage/authenticatorsSection.ts
+++ b/src/frontend/src/flows/manage/authenticatorsSection.ts
@@ -15,7 +15,9 @@ const MAX_AUTHENTICATORS = 8;
 export type DedupAuthenticator = Authenticator & { dupCount?: number };
 
 // Deduplicate devices with same (duplicated) aliases
-const dedupLabels = (authenticators: Authenticator[]): DedupAuthenticator[] => {
+export const dedupLabels = (
+  authenticators: Authenticator[]
+): DedupAuthenticator[] => {
   return authenticators.reduce<Authenticator[]>((acc, authenticator) => {
     const _authenticator: DedupAuthenticator = { ...authenticator };
     const sameName = acc.filter((a) => a.alias === _authenticator.alias);
@@ -31,24 +33,25 @@ const dedupLabels = (authenticators: Authenticator[]): DedupAuthenticator[] => {
 export const authenticatorsSection = ({
   authenticators: authenticators_,
   onAddDevice,
-  warnFewDevices,
+  warnNoPasskeys,
 }: {
   authenticators: Authenticator[];
   onAddDevice: () => void;
-  warnFewDevices: boolean;
+  warnNoPasskeys: boolean;
 }): TemplateResult => {
-  const wrapClasses = ["l-stack"];
-
-  if (warnFewDevices) {
-    wrapClasses.push("c-card", "c-card--narrow", "c-card--warning");
-  }
+  const wrapClasses = [
+    "l-stack",
+    "c-card",
+    "c-card--narrow",
+    ...(warnNoPasskeys ? ["c-card--warning"] : []),
+  ];
 
   const authenticators = dedupLabels(authenticators_);
 
   return html`
-    <aside class=${wrapClasses.join(" ")}>
+    <aside class=${wrapClasses.join(" ")} data-role="passkeys">
       ${
-        warnFewDevices
+        warnNoPasskeys
           ? html`
               <span
                 class="c-card__label c-card__label--hasIcon"
@@ -61,7 +64,7 @@ export const authenticatorsSection = ({
                 <h2>Security warning</h2>
               </span>
             `
-          : undefined
+          : ""
       }
         <div class="t-title t-title--complications">
           <h2 class="t-title">Passkeys</h2>
@@ -73,18 +76,14 @@ export const authenticatorsSection = ({
             </span>
           </span>
         </div>
-        ${
-          warnFewDevices
-            ? html`<p
-                style="max-width: 30rem;"
-                class="warning-message t-paragraph t-lead"
-              >
-                Add a Passkey or recovery method to make your Internet Identity
-                more secure.
-              </p>`
-            : undefined
+        <p
+          class="${warnNoPasskeys ? "warning-message" : ""} t-paragraph t-lead"
+        >${
+          warnNoPasskeys
+            ? "Set up a passkey and securely sign into dapps by unlocking your device."
+            : "Use passkeys to hold assets and securely sign into dapps by unlocking your device."
         }
-
+        </p>
         <div class="c-action-list">
           <ul>
           ${authenticators.map((authenticator, index) =>
@@ -112,9 +111,11 @@ export const authenticatorsSection = ({
 export const authenticatorItem = ({
   authenticator: { alias, dupCount, warn, remove, rename },
   index,
+  icon,
 }: {
   authenticator: DedupAuthenticator;
   index: number;
+  icon?: TemplateResult;
 }) => {
   const settings = [
     { action: "rename", caption: "Rename", fn: () => rename() },
@@ -127,6 +128,7 @@ export const authenticatorItem = ({
   return html`
     <li class="c-action-list__item" data-device=${alias}>
       ${isNullish(warn) ? undefined : itemWarning({ warn })}
+      ${isNullish(icon) ? undefined : html`${icon}`}
       <div class="c-action-list__label">
         ${alias}
         ${nonNullish(dupCount) && dupCount > 0
diff --git a/src/frontend/src/flows/manage/deviceSettings.ts b/src/frontend/src/flows/manage/deviceSettings.ts
index 0d70757839..ebd604dbe1 100644
--- a/src/frontend/src/flows/manage/deviceSettings.ts
+++ b/src/frontend/src/flows/manage/deviceSettings.ts
@@ -216,9 +216,11 @@ export const resetPhrase = async ({
   if ("ok" in res) {
     // If the user was authenticated with the phrase, then replace the connection
     // to use the new phrase to void logging them out
-    const nextConnection = sameDevice
-      ? await connection.fromIdentity(userNumber, res.ok)
-      : undefined;
+    let nextConnection = undefined;
+    if (sameDevice) {
+      nextConnection = (await connection.fromIdentity(userNumber, res.ok))
+        .connection;
+    }
     return reload(nextConnection);
   } else if ("error" in res) {
     await displayError({
diff --git a/src/frontend/src/flows/manage/index.ts b/src/frontend/src/flows/manage/index.ts
index a2f913b6cc..c7439488a3 100644
--- a/src/frontend/src/flows/manage/index.ts
+++ b/src/frontend/src/flows/manage/index.ts
@@ -2,7 +2,6 @@ import {
   DeviceData,
   IdentityAnchorInfo,
 } from "$generated/internet_identity_types";
-import { showWarning } from "$src/banner";
 import {
   AuthnTemplates,
   authenticateBox,
@@ -22,18 +21,23 @@ import { addDevice } from "$src/flows/addDevice/manage/addDevice";
 import { dappsExplorer } from "$src/flows/dappsExplorer";
 import { KnownDapp, getDapps } from "$src/flows/dappsExplorer/dapps";
 import { dappsHeader, dappsTeaser } from "$src/flows/dappsExplorer/teaser";
+import {
+  TempKeyWarningAction,
+  tempKeyWarningBox,
+  tempKeysSection,
+} from "$src/flows/manage/tempKeys";
 import { addPhrase, recoveryWizard } from "$src/flows/recovery/recoveryWizard";
 import { setupKey, setupPhrase } from "$src/flows/recovery/setupRecovery";
 import { I18n } from "$src/i18n";
 import { AuthenticatedConnection, Connection } from "$src/utils/iiConnection";
 import { TemplateElement, renderPage } from "$src/utils/lit-html";
 import {
-  hasRecoveryPhrase,
   isProtected,
   isRecoveryDevice,
   isRecoveryPhrase,
 } from "$src/utils/recoveryDevice";
 import { OmitParams, shuffleArray, unreachable } from "$src/utils/utils";
+import { Principal } from "@dfinity/principal";
 import { isNullish, nonNullish } from "@dfinity/utils";
 import { TemplateResult, html } from "lit-html";
 import { authenticatorsSection } from "./authenticatorsSection";
@@ -142,13 +146,14 @@ const displayFailedToListDevices = (error: Error) =>
 // recovery devices.
 const displayManageTemplate = ({
   userNumber,
-  devices: { authenticators, recoveries },
+  devices: { authenticators, recoveries, pinAuthenticators },
   onAddDevice,
   addRecoveryPhrase,
   addRecoveryKey,
   dapps,
   exploreDapps,
   identityBackground,
+  tempKeysWarning,
 }: {
   userNumber: bigint;
   devices: Devices;
@@ -158,18 +163,20 @@ const displayManageTemplate = ({
   dapps: KnownDapp[];
   exploreDapps: () => void;
   identityBackground: IdentityBackground;
+  tempKeysWarning?: TempKeyWarningAction;
 }): TemplateResult => {
-  // Nudge the user to add a device iff there is one or fewer authenticators and no recoveries
-  const warnFewDevices =
-    authenticators.length <= 1 &&
-    isNullish(recoveries.recoveryPhrase) &&
-    isNullish(recoveries.recoveryKey);
+  // Nudge the user to add a passkey if there is none
+  const warnNoPasskeys = authenticators.length === 0;
+  const i18n = new I18n();
 
   const pageContentSlot = html` <section data-role="identity-management">
     <hgroup>
       <h1 class="t-title t-title--main">Manage your<br />Internet Identity</h1>
     </hgroup>
     ${anchorSection({ userNumber, identityBackground })}
+    ${nonNullish(tempKeysWarning)
+      ? tempKeyWarningBox({ i18n, warningAction: tempKeysWarning })
+      : ""}
     <p class="t-paragraph">
       ${dappsTeaser({
         dapps,
@@ -180,17 +187,19 @@ const displayManageTemplate = ({
         },
       })}
     </p>
+    ${pinAuthenticators.length > 0
+      ? tempKeysSection({ authenticators: pinAuthenticators, i18n })
+      : ""}
     ${authenticatorsSection({
       authenticators,
       onAddDevice,
-      warnFewDevices,
+      warnNoPasskeys,
     })}
     ${recoveryMethodsSection({ recoveries, addRecoveryPhrase, addRecoveryKey })}
     ${logoutSection()}
   </section>`;
 
   return mainWindow({
-    isWideContainer: true,
     slot: pageContentSlot,
   });
 };
@@ -267,6 +276,22 @@ export const renderManage = async ({
 
 export const displayManagePage = renderPage(displayManageTemplate);
 
+function isPinAuthenticated(
+  devices_: DeviceData[],
+  connection: AuthenticatedConnection
+): boolean {
+  const connectionPrincipal = connection.identity.getPrincipal();
+  const currentDevice = devices_.find(({ pubkey }) => {
+    const devicePrincipal = Principal.selfAuthenticating(
+      new Uint8Array(pubkey)
+    );
+    return devicePrincipal.toText() === connectionPrincipal.toText();
+  });
+  return (
+    nonNullish(currentDevice) && "browser_storage_key" in currentDevice.key_type
+  );
+}
+
 export const displayManage = (
   userNumber: bigint,
   connection: AuthenticatedConnection,
@@ -293,24 +318,53 @@ export const displayManage = (
         "More than one recovery keys are registered, which is unexpected. Only one will be shown."
       );
     }
+
+    const onAddDevice = async () => {
+      await addDevice({ userNumber, connection });
+      resolve();
+    };
+    const addRecoveryPhrase = async () => {
+      const doAdd = await addPhrase({ intent: "userInitiated" });
+      if (doAdd === "cancel") {
+        resolve();
+        return;
+      }
+      doAdd satisfies "ok";
+      await setupPhrase(userNumber, connection);
+      resolve();
+    };
+
+    // Function to figure out what temp keys warning should be shown, if any.
+    const determineTempKeysWarning = (): TempKeyWarningAction | undefined => {
+      if (!isPinAuthenticated(devices_, connection)) {
+        // Don't show the warning, if the user is not authenticated using a PIN
+        // protected browser storage key
+        return undefined;
+      }
+      // First priority, nudge to add a recovery phrase
+      if (devices.recoveries.recoveryPhrase === undefined) {
+        return {
+          tag: "add_recovery",
+          action: addRecoveryPhrase,
+        };
+      }
+      // Second priority, nudge to add a passkey
+      if (devices.authenticators.length === 0) {
+        return {
+          tag: "add_passkey",
+          action: onAddDevice,
+        };
+      }
+      // If both, recovery phrase and passkey are present, don't show a warning
+      return undefined;
+    };
+
     const display = () =>
       displayManagePage({
         userNumber,
         devices,
-        onAddDevice: async () => {
-          await addDevice({ userNumber, connection });
-          resolve();
-        },
-        addRecoveryPhrase: async () => {
-          const doAdd = await addPhrase({ intent: "userInitiated" });
-          if (doAdd === "cancel") {
-            resolve();
-            return;
-          }
-          doAdd satisfies "ok";
-          await setupPhrase(userNumber, connection);
-          resolve();
-        },
+        onAddDevice,
+        addRecoveryPhrase,
         addRecoveryKey: async () => {
           const confirmed = confirm(
             "Add a Recovery Device\n\nUse a FIDO Security Key, like a YubiKey, as an additional recovery method."
@@ -331,30 +385,10 @@ export const displayManage = (
           display();
         },
         identityBackground,
+        tempKeysWarning: determineTempKeysWarning(),
       });
 
     display();
-
-    // When visiting the legacy URL (ic0.app) we extra-nudge the users to create a recovery phrase,
-    // if they don't have one already. We lead them straight to recovery phrase creation, because
-    // recovery _device_ would be tied to the domain (which we want to avoid).
-    if (
-      window.location.origin === LEGACY_II_URL &&
-      !hasRecoveryPhrase(devices_)
-    ) {
-      const elem = showWarning(html`<strong class="t-strong">Important!</strong>
-        Create a recovery phrase.
-        <button
-          class="features-warning-btn"
-          @click=${async () => {
-            await setupPhrase(userNumber, connection);
-            elem.remove();
-            resolve();
-          }}
-        >
-          Create
-        </button> `);
-    }
   });
 };
 
@@ -446,17 +480,29 @@ export const devicesFromDeviceDatas = ({
         return acc;
       }
 
-      acc.authenticators.push({
+      const authenticator = {
         alias: device.alias,
         warn: domainWarning(device),
         rename: () => renameDevice({ connection, device, reload }),
         remove: hasSingleDevice
           ? undefined
           : () => deleteDevice({ connection, device, reload }),
-      });
+      };
+
+      if ("browser_storage_key" in device.key_type) {
+        acc.pinAuthenticators.push(authenticator);
+      } else {
+        acc.authenticators.push(authenticator);
+      }
       return acc;
     },
-    { authenticators: [], recoveries: {}, dupPhrase: false, dupKey: false }
+    {
+      authenticators: [],
+      recoveries: {},
+      pinAuthenticators: [],
+      dupPhrase: false,
+      dupKey: false,
+    }
   );
 };
 
diff --git a/src/frontend/src/flows/manage/recoveryMethodsSection.json b/src/frontend/src/flows/manage/recoveryMethodsSection.json
index cdf5cce094..89f2502b27 100644
--- a/src/frontend/src/flows/manage/recoveryMethodsSection.json
+++ b/src/frontend/src/flows/manage/recoveryMethodsSection.json
@@ -1,6 +1,8 @@
 {
   "en": {
+    "security_warning": "Security Warning",
     "recovery_phrase_enabled": "You enabled a recovery phrase.",
-    "recovery_key_enabled": "You enabled a recovery device."
+    "recovery_key_enabled": "You enabled a recovery device.",
+    "enable_recovery_to_make_secure": "Enable recovery methods to make your Internet Identity more secure."
   }
 }
diff --git a/src/frontend/src/flows/manage/recoveryMethodsSection.ts b/src/frontend/src/flows/manage/recoveryMethodsSection.ts
index 68753fa00b..81938b2ecb 100644
--- a/src/frontend/src/flows/manage/recoveryMethodsSection.ts
+++ b/src/frontend/src/flows/manage/recoveryMethodsSection.ts
@@ -26,19 +26,45 @@ export const recoveryMethodsSection = ({
   addRecoveryPhrase: () => void;
   addRecoveryKey: () => void;
 }): TemplateResult => {
+  const i18n = new I18n();
+
+  const copy = i18n.i18n(copyJson);
+  const warnNoRecovery = isNullish(recoveryPhrase) && isNullish(recoveryKey);
+  const wrapClasses = [
+    "l-stack",
+    "c-card",
+    "c-card--narrow",
+    ...(warnNoRecovery ? ["c-card--warning"] : []),
+  ];
+
   return html`
-    <aside class="l-stack">
+    <aside class=${wrapClasses.join(" ")} data-role="recoveries">
+      ${warnNoRecovery
+        ? html`
+            <span
+              class="c-card__label c-card__label--hasIcon"
+              aria-hidden="true"
+            >
+              <i
+                class="c-card__icon c-icon c-icon--error__flipped c-icon--inline"
+                >${warningIcon}</i
+              >
+              <h2>${copy.security_warning}</h2>
+            </span>
+          `
+        : ""}
       <div class="t-title">
         <h2>Recovery Methods</h2>
       </div>
+      <p class="t-paragraph t-lead">${copy.enable_recovery_to_make_secure}</p>
       <div class="c-action-list">
         <ul>
           ${isNullish(recoveryPhrase)
             ? missingRecovery({ recovery: "phrase", addRecoveryPhrase })
-            : recoveryPhraseItem({ recoveryPhrase, i18n: new I18n() })}
+            : recoveryPhraseItem({ recoveryPhrase, i18n })}
           ${isNullish(recoveryKey)
             ? missingRecovery({ recovery: "key", addRecoveryKey })
-            : recoveryKeyItem({ recoveryKey, i18n: new I18n() })}
+            : recoveryKeyItem({ recoveryKey, i18n })}
         </ul>
       </div>
     </aside>
diff --git a/src/frontend/src/flows/manage/tempKeys.json b/src/frontend/src/flows/manage/tempKeys.json
new file mode 100644
index 0000000000..ad7711d30e
--- /dev/null
+++ b/src/frontend/src/flows/manage/tempKeys.json
@@ -0,0 +1,12 @@
+{
+  "en": {
+    "temporary_key": "Temporary Keys",
+    "key_stored_in_browser": "These keys are stored in browser cache, clearing your browser storage will erase them.",
+
+    "security_warning": "Security Warning",
+    "you_are_using_temporary_key": "You are using a temporary key. Do not hold any assets with this identity.",
+    "set_up_recovery_and_passkey": "Clearing your browser storage will erase this key. Set up a recovery method to avoid losing access to your identity. Add a passkey to securely hold assets with this identity.",
+    "add_recovery_phrase": "Add Recovery Phrase",
+    "add_new_passkey": "Add new Passkey"
+  }
+}
diff --git a/src/frontend/src/flows/manage/tempKeys.ts b/src/frontend/src/flows/manage/tempKeys.ts
new file mode 100644
index 0000000000..5f4b5ad1ad
--- /dev/null
+++ b/src/frontend/src/flows/manage/tempKeys.ts
@@ -0,0 +1,89 @@
+import { cypherIcon } from "$src/components/icons";
+import {
+  authenticatorItem,
+  dedupLabels,
+} from "$src/flows/manage/authenticatorsSection";
+import { Authenticator } from "$src/flows/manage/types";
+import { I18n } from "$src/i18n";
+import { unreachable } from "$src/utils/utils";
+import { TemplateResult, html } from "lit-html";
+
+import { warnBox } from "$src/components/warnBox";
+import { nonNullish } from "@dfinity/utils";
+import copyJson from "./tempKeys.json";
+
+export type TempKeyWarningAction =
+  | { tag: "add_recovery"; action: () => void }
+  | { tag: "add_passkey"; action: () => void };
+export const tempKeyWarningBox = ({
+  i18n,
+  warningAction,
+}: {
+  i18n: I18n;
+  warningAction?: TempKeyWarningAction;
+}): TemplateResult => {
+  const copy = i18n.i18n(copyJson);
+
+  const warningButtonCopy = (tempKeysWarning: TempKeyWarningAction) => {
+    switch (tempKeysWarning.tag) {
+      case "add_recovery":
+        return copy.add_recovery_phrase;
+      case "add_passkey":
+        return copy.add_new_passkey;
+      default:
+        unreachable(tempKeysWarning, "unknown temp keys warning tag");
+    }
+  };
+
+  const buttonTemplate = nonNullish(warningAction)
+    ? html`<button
+        class="c-button c-button--primary l-stack"
+        @click="${warningAction.action}"
+        id="addRecovery"
+      >
+        <span>${warningButtonCopy(warningAction)}</span>
+      </button>`
+    : undefined;
+
+  return warnBox({
+    headerSlot: html`<h2>${copy.security_warning}</h2>`,
+    title: copy.you_are_using_temporary_key,
+    message: copy.set_up_recovery_and_passkey,
+    slot: buttonTemplate,
+  });
+};
+
+export const tempKeysSection = ({
+  authenticators: authenticators_,
+  i18n,
+}: {
+  authenticators: Authenticator[];
+  i18n: I18n;
+}): TemplateResult => {
+  const authenticators = dedupLabels(authenticators_);
+  const copy = i18n.i18n(copyJson);
+
+  return html` <aside
+    class="l-stack c-card c-card--narrow"
+    data-role="temp-keys"
+  >
+    <div class="t-title t-title--complications">
+      <h2 class="t-title">${copy.temporary_key}</h2>
+    </div>
+
+    <p class="t-paragraph t-lead">${copy.key_stored_in_browser}</p>
+    <div class="c-action-list">
+      <ul>
+        ${authenticators.map((authenticator, index) =>
+          authenticatorItem({
+            authenticator,
+            index,
+            icon: html`<span class="c-icon c-icon--pin"
+              >${cypherIcon}<span></span
+            ></span>`,
+          })
+        )}
+      </ul>
+    </div>
+  </aside>`;
+};
diff --git a/src/frontend/src/flows/manage/types.ts b/src/frontend/src/flows/manage/types.ts
index b225e91d46..de42117240 100644
--- a/src/frontend/src/flows/manage/types.ts
+++ b/src/frontend/src/flows/manage/types.ts
@@ -29,4 +29,5 @@ export type Devices = {
     recoveryKey?: RecoveryKey;
     recoveryPhrase?: RecoveryPhrase;
   };
+  pinAuthenticators: Authenticator[];
 };
diff --git a/src/frontend/src/flows/pin/confirmPin.json b/src/frontend/src/flows/pin/confirmPin.json
index ade98f7349..bc2a6aacb4 100644
--- a/src/frontend/src/flows/pin/confirmPin.json
+++ b/src/frontend/src/flows/pin/confirmPin.json
@@ -1,6 +1,7 @@
 {
   "en": {
     "confirm_pin": "Confirm PIN for Internet Identity on this Device",
-    "cancel": "Cancel"
+    "cancel": "Cancel",
+    "retry": "Retry"
   }
 }
diff --git a/src/frontend/src/flows/pin/confirmPin.ts b/src/frontend/src/flows/pin/confirmPin.ts
index 4fef3705a5..78186ca0c7 100644
--- a/src/frontend/src/flows/pin/confirmPin.ts
+++ b/src/frontend/src/flows/pin/confirmPin.ts
@@ -5,6 +5,8 @@ import { mount, renderPage } from "$src/utils/lit-html";
 import { TemplateResult, html } from "lit-html";
 import { pinStepper } from "./stepper";
 
+import { Chan } from "$src/utils/utils";
+import { asyncReplace } from "lit-html/directives/async-replace.js";
 import copyJson from "./confirmPin.json";
 
 /* PIN confirmation (just prompts the user to re-enter their PIN) */
@@ -12,6 +14,7 @@ import copyJson from "./confirmPin.json";
 const confirmPinTemplate = ({
   i18n,
   cancel,
+  retry,
   onContinue,
   expectedPin: expectedPin,
   focus = false,
@@ -19,6 +22,7 @@ const confirmPinTemplate = ({
 }: {
   i18n: I18n;
   cancel: () => void;
+  retry: () => void;
   onContinue: () => void;
   expectedPin: string;
   focus?: boolean;
@@ -26,13 +30,30 @@ const confirmPinTemplate = ({
   scrollToTop?: boolean;
 }): TemplateResult => {
   const copy = i18n.i18n(copyJson);
+
+  const cancelButton = html`<button
+    @click=${() => cancel()}
+    data-action="cancel"
+    class="c-button c-button--secondary l-stack"
+  >
+    ${copy.cancel}
+  </button>`;
+  const retryButton = html`<button
+    @click=${() => retry()}
+    data-action="retry"
+    class="c-button c-button--secondary l-stack"
+  >
+    ${copy.retry}
+  </button>`;
+
+  const currentAction = new Chan<TemplateResult>(cancelButton);
   const verify = (pin: string): PinResult<string> => {
     if (pin === expectedPin) {
       return { ok: true, value: pin };
     }
 
-    // XXX: there is currently no way to restart the PIN. We need to figure
-    // out what to do UX-wise first.
+    // update the button from 'cancel' to 'retry'
+    currentAction.send(retryButton);
     return { ok: false, error: "PINs don't match" };
   };
 
@@ -43,20 +64,14 @@ const confirmPinTemplate = ({
     focus,
   });
   const slot = html`
-    ${pinStepper({ current: "confirm" })}
+    ${pinStepper({ current: "set_pin" })}
     <hgroup ${scrollToTop ? mount(() => window.scrollTo(0, 0)) : undefined}>
       <h1 class="t-title t-title--main">${copy.confirm_pin}</h1>
     </hgroup>
-    <div class="l-stack">
+    <div class="l-stack" data-role="confirm-pin">
       <div class="c-input--stack">${pinInput_.template}</div>
     </div>
-    <button
-      @click=${() => cancel()}
-      data-action="cancel"
-      class="c-button c-button--secondary l-stack"
-    >
-      ${copy.cancel}
-    </button>
+    ${asyncReplace(currentAction)}
   `;
 
   return mainWindow({
@@ -71,13 +86,14 @@ export const confirmPin = ({
   expectedPin,
 }: {
   expectedPin: string;
-}): Promise<{ tag: "ok" } | { tag: "canceled" }> => {
+}): Promise<{ tag: "ok" } | { tag: "canceled" } | { tag: "retry" }> => {
   return new Promise((resolve) =>
     confirmPinPage({
       i18n: new I18n(),
       onContinue: () => resolve({ tag: "ok" }),
       expectedPin,
       cancel: () => resolve({ tag: "canceled" }),
+      retry: () => resolve({ tag: "retry" }),
       focus: true,
       scrollToTop: true,
     })
diff --git a/src/frontend/src/flows/pin/pinInfo.json b/src/frontend/src/flows/pin/pinInfo.json
new file mode 100644
index 0000000000..8c06a11187
--- /dev/null
+++ b/src/frontend/src/flows/pin/pinInfo.json
@@ -0,0 +1,23 @@
+{
+  "en": {
+    "continue_and_set_pin": "Continue and set pin",
+    "cancel": "Cancel",
+    "create_temporary_key_form_pin": "Create a temporary key from a PIN",
+    "set_memorable_pin": "Set a memorable PIN and securely store a temporary key in your browser cache",
+
+    "security_warning": "Security Warning",
+    "are_you_sure": "Are you sure you want to set up a temporary key?",
+    "clear_browser_storage_add_passkey": "Clearing your browser storage will erase this key. Add a passkey if you want to hold assets with this identity.",
+
+    "temporary_key_section_label": "About the temporary key",
+    "what_is_temporary_key": "What is a temporary key?",
+    "unique_key_pair": "A unique private key that is safely stored in your browser cache and protected by two layers of advanced encryption",
+    "convenient_secure_replacement": "A convenient and more secure replacement for passwords",
+    "enables_sign_by_pin": "Enables you to sign into dapps on your devices using a simple PIN",
+
+    "why_temporary": "Why is it temporary?",
+    "clear_browser_storage": "Clearing your browser storage will erase your key",
+    "set_up_recovery": "Set up a recovery phrase after registering to avoid loss",
+    "do_not_store_assets": "Do not store assets on the Internet Identity until you create a passkey or recovery phrase"
+  }
+}
diff --git a/src/frontend/src/flows/pin/pinInfo.ts b/src/frontend/src/flows/pin/pinInfo.ts
new file mode 100644
index 0000000000..d1aa67bbec
--- /dev/null
+++ b/src/frontend/src/flows/pin/pinInfo.ts
@@ -0,0 +1,106 @@
+import { warningIcon } from "$src/components/icons";
+import { mainWindow } from "$src/components/mainWindow";
+import { pinStepper } from "$src/flows/pin/stepper";
+import { I18n } from "$src/i18n";
+import { mount, renderPage } from "$src/utils/lit-html";
+import { TemplateResult, html } from "lit-html";
+
+import copyJson from "./pinInfo.json";
+
+const pinInfoTemplate = ({
+  i18n,
+  onContinue,
+  cancel,
+  scrollToTop = false,
+}: {
+  onContinue: () => void;
+  i18n: I18n;
+  cancel: () => void;
+  /* put the page into view */
+  scrollToTop?: boolean;
+}): TemplateResult => {
+  const copy = i18n.i18n(copyJson);
+
+  const slot = html`
+    ${pinStepper({ current: "set_pin" })}
+    <hgroup ${scrollToTop ? mount(() => window.scrollTo(0, 0)) : undefined}>
+      <h1 class="t-title t-title--main">
+        ${copy.create_temporary_key_form_pin}
+      </h1>
+      <p class="t-paragraph">${copy.set_memorable_pin}</p>
+    </hgroup>
+    <button
+      @click=${() => onContinue()}
+      data-action="continue-pin"
+      class="c-button l-stack"
+    >
+      ${copy.continue_and_set_pin}
+    </button>
+    <button
+      @click=${() => cancel()}
+      data-action="cancel"
+      class="c-button c-button--textOnly"
+      c-card--warning
+    >
+      ${copy.cancel}
+    </button>
+    <article
+      class="c-marketing-block"
+      label="${copy.temporary_key_section_label}"
+    >
+      <aside class="c-card c-card--narrow c-card--warning">
+        <span class="c-card__label c-card__label--hasIcon" aria-hidden="true">
+          <i class="c-card__icon c-icon c-icon--error__flipped c-icon--inline"
+            >${warningIcon}</i
+          >
+          <h2>${copy.security_warning}</h2>
+        </span>
+        <div class="t-title t-title--complications">
+          <h2 class="t-title">${copy.are_you_sure}</h2>
+        </div>
+        <p class="warning-message t-paragraph t-lead">
+          ${copy.clear_browser_storage_add_passkey}
+        </p>
+      </aside>
+
+      <section class="l-stack">
+        <h3 class="t-title">${copy.what_is_temporary_key}</h3>
+        <ul class="c-list c-list--bulleted">
+          <li>${copy.unique_key_pair}</li>
+          <li>${copy.convenient_secure_replacement}</li>
+          <li>${copy.enables_sign_by_pin}</li>
+        </ul>
+      </section>
+
+      <section class="l-stack">
+        <h3 class="t-title">${copy.why_temporary}</h3>
+        <ul class="c-list c-list--bulleted">
+          <li>${copy.clear_browser_storage}</li>
+          <li>${copy.set_up_recovery}</li>
+          <li>${copy.do_not_store_assets}</li>
+        </ul>
+      </section>
+    </article>
+  `;
+
+  return mainWindow({
+    showFooter: false,
+    showLogo: false,
+    slot,
+  });
+};
+
+export const pinInfoPage = renderPage(pinInfoTemplate);
+
+// Show information about the PIN authentication (aka temporary key) and prompt
+// the user to continue (or cancel).
+export const promptPinInfo = (): Promise<"continue" | "canceled"> => {
+  return new Promise((resolve) =>
+    pinInfoPage({
+      i18n: new I18n(),
+      onContinue: () => resolve("continue"),
+      cancel: () => resolve("canceled"),
+      scrollToTop: true,
+    })
+  );
+};
diff --git a/src/frontend/src/flows/pin/setPin.ts b/src/frontend/src/flows/pin/setPin.ts
index 4cf0e8dcc0..1225a15774 100644
--- a/src/frontend/src/flows/pin/setPin.ts
+++ b/src/frontend/src/flows/pin/setPin.ts
@@ -6,6 +6,8 @@ import { isNullish } from "@dfinity/utils";
 import { TemplateResult, html } from "lit-html";
 import { pinStepper } from "./stepper";
 
+import { confirmPin } from "$src/flows/pin/confirmPin";
+import { promptPinInfo } from "$src/flows/pin/pinInfo";
 import copyJson from "./setPin.json";
 
 /* Prompt the user to create a new PIN */
@@ -32,11 +34,11 @@ const setPinTemplate = ({
     focus,
   });
   const slot = html`
-    ${pinStepper({ current: "set" })}
+    ${pinStepper({ current: "set_pin" })}
     <hgroup ${scrollToTop ? mount(() => window.scrollTo(0, 0)) : undefined}>
       <h1 class="t-title t-title--main">${copy.set_pin_for_ii}</h1>
     </hgroup>
-    <div class="l-stack">
+    <div class="l-stack" data-role="set-pin">
       <div class="c-input--stack">${pinInput_.template}</div>
     </div>
     <button
@@ -86,3 +88,33 @@ export const setPin = (): Promise<
     })
   );
 };
+
+export const setPinFlow = async (): Promise<
+  { tag: "ok"; pin: string } | { tag: "canceled" }
+> => {
+  const pinInfoResult = await promptPinInfo();
+  if (pinInfoResult === "canceled") {
+    return { tag: "canceled" };
+  }
+
+  for (;;) {
+    const result = await setPin();
+    if (result.tag === "canceled") {
+      return { tag: "canceled" };
+    }
+
+    result.tag satisfies "ok";
+    const { pin } = result;
+
+    const confirmed = await confirmPin({ expectedPin: pin });
+    if (confirmed.tag === "canceled") {
+      return { tag: "canceled" };
+    }
+    if (confirmed.tag === "retry") {
+      continue;
+    }
+
+    confirmed.tag satisfies "ok";
+    return { tag: "ok", pin };
+  }
+};
diff --git a/src/frontend/src/flows/pin/stepper.ts b/src/frontend/src/flows/pin/stepper.ts
index 9364384722..52824c55bc 100644
--- a/src/frontend/src/flows/pin/stepper.ts
+++ b/src/frontend/src/flows/pin/stepper.ts
@@ -4,18 +4,15 @@ import { html } from "lit-html";
 export const pinStepper = ({
   current,
 }: {
-  current: "set" | "confirm" | "captcha" | "finish";
+  current: "set_pin" | "captcha" | "finish";
 }) => html`
   <div class="c-progress-container">
     <ol class="c-progress-stepper">
-      <li class="c-progress-stepper__step" aria-current=${current === "set"}>
-        <span class="c-progress-stepper__label">Set PIN</span>
-      </li>
       <li
         class="c-progress-stepper__step"
-        aria-current=${current === "confirm"}
+        aria-current=${current === "set_pin"}
       >
-        <span class="c-progress-stepper__label">Confirm PIN</span>
+        <span class="c-progress-stepper__label">Set PIN</span>
       </li>
       <li
         class="c-progress-stepper__step"
diff --git a/src/frontend/src/flows/pin/usePin.ts b/src/frontend/src/flows/pin/usePin.ts
index dac5763343..44f02a879e 100644
--- a/src/frontend/src/flows/pin/usePin.ts
+++ b/src/frontend/src/flows/pin/usePin.ts
@@ -1,23 +1,26 @@
 import { mainWindow } from "$src/components/mainWindow";
-import { pinInput } from "$src/components/pinInput";
+import { pinInput, PinResult } from "$src/components/pinInput";
 import { I18n } from "$src/i18n";
 import { mount, renderPage } from "$src/utils/lit-html";
-import { TemplateResult, html } from "lit-html";
+import type { TemplateResult } from "lit-html";
+import { html } from "lit-html";
 
 import copyJson from "./usePin.json";
 
 /* Prompt the user to input their PIN for use */
 
-const usePinTemplate = ({
+const usePinTemplate = <T>({
   i18n,
   cancel,
+  verify,
   onContinue,
   onUsePasskey,
   scrollToTop = false,
 }: {
   i18n: I18n;
   cancel: () => void;
-  onContinue: (pin: string) => void;
+  verify: (pin: string) => Promise<PinResult<T>>;
+  onContinue: (result: T) => void;
   onUsePasskey: () => void;
   /* put the page into view */
   scrollToTop?: boolean;
@@ -25,16 +28,14 @@ const usePinTemplate = ({
   const copy = i18n.i18n(copyJson);
   const pinInput_ = pinInput({
     onSubmit: onContinue,
-    verify: (pin) =>
-      // XXX: here we don't do any verification, but ideally the identity reconstruction should happen here
-      ({ ok: true, value: pin }),
+    verify,
     secret: true,
   });
   const slot = html`
     <hgroup ${scrollToTop ? mount(() => window.scrollTo(0, 0)) : undefined}>
       <h1 class="t-title t-title--main">${copy.enter_pin_for_ii}</h1>
     </hgroup>
-    <div class="l-stack">
+    <div class="l-stack" data-role="pin">
       <div class="c-input--stack">${pinInput_.template}</div>
     </div>
     <button
@@ -57,14 +58,19 @@ const usePinTemplate = ({
 };
 
 export const usePinPage = renderPage(usePinTemplate);
-export const usePin = (): Promise<
-  { kind: "pin"; pin: string } | { kind: "canceled" } | { kind: "passkey" }
+export const usePin = <T>({
+  verifyPin,
+}: {
+  verifyPin: (pin: string) => Promise<PinResult<T>>;
+}): Promise<
+  { kind: "pin"; result: T } | { kind: "canceled" } | { kind: "passkey" }
 > => {
   return new Promise((resolve) =>
-    usePinPage({
+    renderPage(usePinTemplate<T>)({
       i18n: new I18n(),
       onUsePasskey: () => resolve({ kind: "passkey" }),
-      onContinue: (pin: string) => resolve({ kind: "pin", pin }),
+      verify: verifyPin,
+      onContinue: (result: T) => resolve({ kind: "pin", result }),
       cancel: () => resolve({ kind: "canceled" }),
       scrollToTop: true,
     })
diff --git a/src/frontend/src/flows/register/finish.ts b/src/frontend/src/flows/register/finish.ts
index 3fa6cebfc7..784928878b 100644
--- a/src/frontend/src/flows/register/finish.ts
+++ b/src/frontend/src/flows/register/finish.ts
@@ -13,26 +13,29 @@ import {
   withRef,
 } from "$src/utils/lit-html";
 import { OmitParams } from "$src/utils/utils";
-import { html } from "lit-html";
+import { TemplateResult, html } from "lit-html";
 import { Ref, createRef, ref } from "lit-html/directives/ref.js";
-import { registerStepper } from "./stepper";
 
 export const displayUserNumberTemplate = ({
   onContinue,
   userNumber,
   identityBackground,
+  stepper,
+  marketingIntroSlot,
   scrollToTop = false,
 }: {
   onContinue: () => void;
   userNumber: bigint;
   identityBackground: IdentityBackground;
+  stepper: TemplateResult;
+  marketingIntroSlot?: TemplateResult;
   /* put the page into view */
   scrollToTop?: boolean;
 }) => {
   const userNumberCopy: Ref<HTMLButtonElement> = createRef();
   const displayUserNumberSlot = html`
 
-  ${registerStepper({ current: "finish" })}
+  ${stepper}
 <hgroup
 
       ${scrollToTop ? mount(() => window.scrollTo(0, 0)) : undefined}
@@ -83,6 +86,7 @@ export const displayUserNumberTemplate = ({
         I saved it, continue
       </button>
     <section class="c-marketing-block">
+      ${marketingIntroSlot}
       <aside class="l-stack">
         <h3 class="t-title">This number is your Internet Identity</h3>
         <p class="t-paragraph">With your Internet Identity and your passkey, you will be able to create and securely connect to Internet Computer dapps</p>
@@ -124,15 +128,21 @@ export const displayUserNumberWarmup = (): OmitParams<
 export const displayUserNumber = ({
   userNumber,
   identityBackground,
+  stepper,
+  marketingIntroSlot,
 }: {
   userNumber: bigint;
   identityBackground: IdentityBackground;
+  stepper: TemplateResult;
+  marketingIntroSlot?: TemplateResult;
 }): Promise<void> => {
   return new Promise((resolve) =>
     displayUserNumberPage({
       onContinue: () => resolve(),
       userNumber,
       identityBackground,
+      stepper,
+      marketingIntroSlot,
       scrollToTop: true,
     })
   );
diff --git a/src/frontend/src/flows/register/index.ts b/src/frontend/src/flows/register/index.ts
index e23ab6f531..ab101c5b87 100644
--- a/src/frontend/src/flows/register/index.ts
+++ b/src/frontend/src/flows/register/index.ts
@@ -1,6 +1,21 @@
-import { Challenge } from "$generated/internet_identity_types";
+import {
+  Challenge,
+  CredentialId,
+  KeyType,
+} from "$generated/internet_identity_types";
+import { withLoader } from "$src/components/loader";
+import {
+  PinIdentityMaterial,
+  constructPinIdentity,
+} from "$src/crypto/pinIdentity";
+import { tempKeyWarningBox } from "$src/flows/manage/tempKeys";
+import { idbStorePinIdentityMaterial } from "$src/flows/pin/idb";
+import { setPinFlow } from "$src/flows/pin/setPin";
+import { pinStepper } from "$src/flows/pin/stepper";
 import { registerStepper } from "$src/flows/register/stepper";
 import { registerDisabled } from "$src/flows/registerDisabled";
+import { I18n } from "$src/i18n";
+import { authenticatorAttachmentToKeyType } from "$src/utils/authenticatorAttachment";
 import { LoginFlowCanceled } from "$src/utils/flowResult";
 import {
   AuthenticatedConnection,
@@ -9,26 +24,39 @@ import {
   RegisterResult,
 } from "$src/utils/iiConnection";
 import { setAnchorUsed } from "$src/utils/userNumber";
+import { SignIdentity } from "@dfinity/agent";
 import { ECDSAKeyIdentity } from "@dfinity/identity";
 import { nonNullish } from "@dfinity/utils";
+import { TemplateResult } from "lit-html";
 import type { UAParser } from "ua-parser-js";
 import { badChallenge, precomputeFirst, promptCaptcha } from "./captcha";
 import { displayUserNumberWarmup } from "./finish";
-import { savePasskey } from "./passkey";
+import { savePasskeyOrPin } from "./passkey";
 
 /** Registration (anchor creation) flow for new users */
 export const registerFlow = async <T>({
   createChallenge: createChallenge_,
   register,
+  storePinIdentity,
   registrationAllowed,
+  pinAllowed,
+  uaParser,
 }: {
   createChallenge: () => Promise<Challenge>;
   register: (opts: {
     alias: string;
-    identity: IIWebAuthnIdentity;
+    identity: SignIdentity;
+    keyType: KeyType;
+    credentialId?: CredentialId;
     challengeResult: { chars: string; challenge: Challenge };
   }) => Promise<RegisterResult<T>>;
+  storePinIdentity: (opts: {
+    userNumber: bigint;
+    pinIdentityMaterial: PinIdentityMaterial;
+  }) => Promise<void>;
   registrationAllowed: boolean;
+  pinAllowed: () => Promise<boolean>;
+  uaParser: PreloadedUAParser;
 }): Promise<RegisterResult<T> | "canceled"> => {
   if (!registrationAllowed) {
     const result = await registerDisabled();
@@ -36,32 +64,97 @@ export const registerFlow = async <T>({
     return "canceled";
   }
 
-  // Kick-off fetching "ua-parser-js";
-  const uaParser = loadUAParser();
-
   // Kick-off the challenge request early, so that we might already
   // have a captcha to show once we get to the CAPTCHA screen
   const createChallenge = precomputeFirst(() => createChallenge_());
 
-  const identity = await savePasskey();
-  if (identity === "canceled") {
+  const displayUserNumber = displayUserNumberWarmup();
+  const savePasskeyResult = await savePasskeyOrPin({
+    pinAllowed: await pinAllowed(),
+  });
+  if (savePasskeyResult === "canceled") {
     return "canceled";
   }
+  const result_ = await (async () => {
+    if (savePasskeyResult === "pin") {
+      const pinResult = await setPinFlow();
+      if (pinResult.tag === "canceled") {
+        return "canceled";
+      }
 
-  const alias = await inferAlias({
-    authenticatorType: identity.getAuthenticatorAttachment(),
-    userAgent: navigator.userAgent,
-    uaParser,
-  });
+      pinResult.tag satisfies "ok";
 
-  const displayUserNumber = displayUserNumberWarmup();
+      // XXX: this withLoader could be replaced with one that indicates what's happening (like the
+      // "Hang tight, ..." spinner)
+      const { identity, pinIdentityMaterial } = await withLoader(() =>
+        constructPinIdentity(pinResult)
+      );
+      return {
+        identity,
+        alias: await inferPinAlias({
+          userAgent: navigator.userAgent,
+          uaParser,
+        }),
+        captchaStepper: pinStepper({ current: "captcha" }),
+        finishStepper: pinStepper({ current: "finish" }),
+        keyType: { browser_storage_key: null },
+        finalizeIdentity: (userNumber: bigint) =>
+          storePinIdentity({ userNumber, pinIdentityMaterial }),
+        finishSlot: tempKeyWarningBox({ i18n: new I18n() }),
+      };
+    } else {
+      const identity = savePasskeyResult;
+      const alias = await inferPasskeyAlias({
+        authenticatorType: identity.getAuthenticatorAttachment(),
+        userAgent: navigator.userAgent,
+        uaParser,
+      });
+      return {
+        identity,
+        alias,
+        captchaStepper: registerStepper({ current: "captcha" }),
+        finishStepper: registerStepper({ current: "finish" }),
+        credentialId: new Uint8Array(identity.rawId),
+        keyType: authenticatorAttachmentToKeyType(
+          identity.getAuthenticatorAttachment()
+        ),
+      };
+    }
+  })();
+
+  if (result_ === "canceled") {
+    return "canceled";
+  }
+
+  const {
+    identity,
+    alias,
+    captchaStepper,
+    finishStepper,
+    credentialId,
+    keyType,
+    finalizeIdentity,
+    finishSlot,
+  }: {
+    identity: SignIdentity;
+    alias: string;
+    captchaStepper: TemplateResult;
+    finishStepper: TemplateResult;
+    credentialId?: CredentialId;
+    keyType: KeyType;
+    finalizeIdentity?: (userNumber: bigint) => Promise<void>;
+    finishSlot?: TemplateResult;
+  } = result_;
 
   const result = await promptCaptcha({
     createChallenge,
+    stepper: captchaStepper,
     register: async ({ chars, challenge }) => {
       const result = await register({
         identity,
         alias,
+        keyType,
+        credentialId,
         challengeResult: { chars, challenge },
       });
 
@@ -71,7 +164,6 @@ export const registerFlow = async <T>({
 
       return result;
     },
-    stepper: registerStepper({ current: "captcha" }),
   });
 
   if ("tag" in result) {
@@ -81,8 +173,13 @@ export const registerFlow = async <T>({
 
   if (result.kind === "loginSuccess") {
     const userNumber = result.userNumber;
+    await finalizeIdentity?.(userNumber);
     setAnchorUsed(userNumber);
-    await displayUserNumber({ userNumber });
+    await displayUserNumber({
+      userNumber,
+      stepper: finishStepper,
+      marketingIntroSlot: finishSlot,
+    });
   }
   return result;
 };
@@ -95,37 +192,47 @@ export const getRegisterFlowOpts = ({
   connection,
 }: {
   connection: Connection;
-}): RegisterFlowOpts => ({
-  /** Check that the current origin is not the explicit canister id or a raw url.
-   *  Explanation why we need to do this:
-   *  https://forum.dfinity.org/t/internet-identity-deprecation-of-account-creation-on-all-origins-other-than-https-identity-ic0-app/9694
-   **/
-  registrationAllowed:
-    !/(^https:\/\/rdmx6-jaaaa-aaaaa-aaadq-cai\.ic0\.app$)|(.+\.raw\..+)/.test(
-      window.origin
-    ),
-  createChallenge: () => connection.createChallenge(),
-  register: async ({
-    identity,
-    alias,
-    challengeResult: {
-      chars,
-      challenge: { challenge_key: key },
-    },
-  }) => {
-    const tempIdentity = await ECDSAKeyIdentity.generate({
-      extractable: false,
-    });
-    const result = await connection.register({
+}): RegisterFlowOpts => {
+  // Kick-off fetching "ua-parser-js";
+  const uaParser = loadUAParser();
+  return {
+    /** Check that the current origin is not the explicit canister id or a raw url.
+     *  Explanation why we need to do this:
+     *  https://forum.dfinity.org/t/internet-identity-deprecation-of-account-creation-on-all-origins-other-than-https-identity-ic0-app/9694
+     **/
+    registrationAllowed:
+      !/(^https:\/\/rdmx6-jaaaa-aaaaa-aaadq-cai\.ic0\.app$)|(.+\.raw\..+)/.test(
+        window.origin
+      ),
+    createChallenge: () => connection.createChallenge(),
+    pinAllowed: () =>
+      pinRegisterAllowed({ userAgent: navigator.userAgent, uaParser }),
+    register: async ({
       identity,
-      tempIdentity,
       alias,
-      challengeResult: { chars, key },
-    });
-
-    return result;
-  },
-});
+      keyType,
+      credentialId,
+      challengeResult: {
+        chars,
+        challenge: { challenge_key: key },
+      },
+    }) => {
+      const tempIdentity = await ECDSAKeyIdentity.generate({
+        extractable: false,
+      });
+      return await connection.register({
+        identity,
+        tempIdentity,
+        alias,
+        keyType,
+        credentialId,
+        challengeResult: { chars, key },
+      });
+    },
+    uaParser,
+    storePinIdentity: idbStorePinIdentityMaterial,
+  };
+};
 
 type AuthenticatorType = ReturnType<
   IIWebAuthnIdentity["getAuthenticatorAttachment"]
@@ -133,7 +240,7 @@ type AuthenticatorType = ReturnType<
 type PreloadedUAParser = ReturnType<typeof loadUAParser>;
 
 // Logic for inferring a passkey alias based on the authenticator type & user agent
-export const inferAlias = async ({
+export const inferPasskeyAlias = async ({
   authenticatorType,
   userAgent,
   uaParser: uaParser_,
@@ -214,6 +321,56 @@ export const inferAlias = async ({
   return UNNAMED;
 };
 
+export const inferPinAlias = async ({
+  userAgent,
+  uaParser: uaParser_,
+}: {
+  userAgent: typeof navigator.userAgent;
+  uaParser: PreloadedUAParser;
+}): Promise<string> => {
+  const UNNAMED = "Unnamed Temporary Key";
+
+  // Otherwise, make sure the UA parser module is loaded, because
+  // everything from here will use UA heuristics
+  const UAParser = await uaParser_;
+  if (UAParser === undefined) {
+    return UNNAMED;
+  }
+  const uaParser = new UAParser(userAgent);
+  const browser = uaParser.getBrowser().name;
+  // We try to show something like "Temporary Key: Opera on Linux" or just "Temporary Key: Opera" or just "Temporary Key: Linux"
+  const os = uaParser.getOS().name;
+  const browserOn = [
+    ...(nonNullish(browser) ? [browser] : []),
+    ...(nonNullish(os) ? [os] : []),
+  ];
+  if (browserOn.length !== 0) {
+    return browserOn.join(" on ");
+  }
+
+  // If all else fails, the device is unnamed
+  return UNNAMED;
+};
+
+// Logic for deciding whether PIN identity registration is allowed based on the user agent
+export const pinRegisterAllowed = async ({
+  userAgent,
+  uaParser: uaParser_,
+}: {
+  userAgent: typeof navigator.userAgent;
+  uaParser: PreloadedUAParser;
+}): Promise<boolean> => {
+  // Otherwise, make sure the UA parser module is loaded, because
+  // everything from here will use UA heuristics
+  const UAParser = await uaParser_;
+  if (UAParser === undefined) {
+    // When in doubt, allow PIN registration
+    return true;
+  }
+  const uaParser = new UAParser(userAgent);
+  return uaParser.getDevice().vendor === "Apple";
+};
+
 // Dynamically load the user agent parser module
 export const loadUAParser = async (): Promise<typeof UAParser | undefined> => {
   try {
diff --git a/src/frontend/src/flows/register/passkey.ts b/src/frontend/src/flows/register/passkey.ts
index cf89a4f000..e5bd3aae1b 100644
--- a/src/frontend/src/flows/register/passkey.ts
+++ b/src/frontend/src/flows/register/passkey.ts
@@ -56,7 +56,7 @@ const savePasskeyTemplate = ({
     <button
       @click=${() => constructPasskey()}
       data-action="construct-identity"
-      class="c-button"
+      class="c-button l-stack"
     >
       ${copy.save_passkey}
     </button>
@@ -98,8 +98,12 @@ const savePasskeyTemplate = ({
 
 export const savePasskeyPage = renderPage(savePasskeyTemplate);
 
-// Prompt the user to create a WebAuthn identity
-export const savePasskey = (): Promise<IIWebAuthnIdentity | "canceled"> => {
+// Prompt the user to create a WebAuthn identity or a PIN identity (if allowed)
+export const savePasskeyOrPin = ({
+  pinAllowed,
+}: {
+  pinAllowed: boolean;
+}): Promise<IIWebAuthnIdentity | "pin" | "canceled"> => {
   return new Promise((resolve) =>
     savePasskeyPage({
       i18n: new I18n(),
@@ -113,6 +117,7 @@ export const savePasskey = (): Promise<IIWebAuthnIdentity | "canceled"> => {
           toast.error(errorMessage(e));
         }
       },
+      constructPin: pinAllowed ? () => resolve("pin") : undefined,
     })
   );
 };
diff --git a/src/frontend/src/styles/main.css b/src/frontend/src/styles/main.css
index 2bba25bd37..5c8702f8b9 100644
--- a/src/frontend/src/styles/main.css
+++ b/src/frontend/src/styles/main.css
@@ -299,6 +299,7 @@
   --rs-input-stack: calc(var(--rs-button-stack) * 2);
   --rs-input-message-stack: var(--vs-stack);
   --rs-input-border-radius: var(--vs-border-radius);
+  --rs-input-inline: var(--rs-button-stack);
 
   --rs-line-height-body: var(--vs-line-height);
   --rs-dropdown-bezel: var(--vs-bezel);
@@ -735,6 +736,10 @@ a:hover,
   border-radius: 50%;
 }
 
+.c-icon--pin [fill] {
+  fill: var(--vc-brand-purple);
+}
+
 /* "Flipped" version where the background pops (instead
  * of the icon itself) */
 .c-icon--error__flipped {
@@ -1753,23 +1758,19 @@ by all browsers (FF is missing) */
 
 /**
  *  Pin Input
- *
  */
 
 .c-list--pin {
-  width: 100%;
-  display: inline-flex;
+  --pinDigits: 6;
+
+  display: flex;
   justify-content: space-between;
   flex-wrap: wrap;
+  gap: var(--rs-input-inline);
 }
 
-.c-list--pin-char {
-  display: block;
-  flex-basis: content;
-}
-
-.c-list--pin[data-haserror="true"] .c-input--pin {
-  border-color: red;
+.c-list__item--pin {
+  flex-basis: calc(100% / var(--pinDigits) - var(--rs-input-inline));
 }
 
 /* Use a fake font for "password"-style pin input */
@@ -1786,12 +1787,17 @@ by all browsers (FF is missing) */
    * dimensions.
    * */
   font-size: 2em;
+  line-height: 1.2;
   padding: 0.2em;
-  width: 1.4em;
+  width: 100%;
 
   font-weight: 600;
 }
 
+[data-haserror="true"] .c-input--pin {
+  border-color: var(--rc-error);
+}
+
 /**
  *  Recovery phrase
  *
@@ -2562,6 +2568,7 @@ a.c-action-list__item {
   --halo: linear-gradient(270deg, var(--rg-brand));
 }
 
+[data-haserror="true"] .c-input--anchor__wrap--error,
 .c-input--anchor__wrap--error {
   --halo: var(--rc-error-strong);
 }
@@ -2583,6 +2590,7 @@ a.c-action-list__item {
   transition: 300ms transform cubic-bezier(0.7, 0.3, 0, 1), 300ms opacity linear;
 }
 
+[data-haserror="true"] .c-input--anchor__wrap::before,
 .c-input--anchor__wrap:focus-within::before,
 .c-input--anchor__wrap--error::before,
 .c-input--anchor__wrap--valid::before {
diff --git a/src/frontend/src/test-e2e/addDevice.test.ts b/src/frontend/src/test-e2e/addDevice.test.ts
index 138043158f..9580e75136 100644
--- a/src/frontend/src/test-e2e/addDevice.test.ts
+++ b/src/frontend/src/test-e2e/addDevice.test.ts
@@ -44,19 +44,7 @@ test("Add device", async () => {
     // leads to flaky tests otherwise.
     await removeVirtualAuthenticator(browser, firstAuthenticator);
     await addVirtualAuthenticator(browser);
-    await mainView.addAdditionalDevice();
-
-    const addRemoteDeviceInstructionsView = new AddRemoteDeviceInstructionsView(
-      browser
-    );
-    await addRemoteDeviceInstructionsView.addFIDODevice();
-
-    await browser.pause(10_000);
-
-    // success page
-    const addDeviceSuccessView = new AddDeviceSuccessView(browser);
-    await addDeviceSuccessView.waitForDisplay();
-    await addDeviceSuccessView.continue();
+    await FLOWS.addFidoDevice(browser);
 
     // home
     await mainView.waitForDisplay();
diff --git a/src/frontend/src/test-e2e/flows.ts b/src/frontend/src/test-e2e/flows.ts
index 461268cc82..d0622d3bb3 100644
--- a/src/frontend/src/test-e2e/flows.ts
+++ b/src/frontend/src/test-e2e/flows.ts
@@ -1,6 +1,11 @@
 import {
+  AddDeviceSuccessView,
+  AddRemoteDeviceInstructionsView,
   AuthenticateView,
   MainView,
+  PinAuthView,
+  PinRegistrationView,
+  RecoverView,
   RecoveryMethodSelectorView,
   RegisterView,
   WelcomeView,
@@ -39,6 +44,45 @@ export const FLOWS = {
     await authenticateView.register();
     return await FLOWS.register(browser, deviceName);
   },
+  registerPin: async function (
+    browser: WebdriverIO.Browser,
+    pin: string
+  ): Promise<string> {
+    const registerView = new RegisterView(browser);
+    await registerView.waitForDisplay();
+    await registerView.createPin();
+    const pinRegistrationView = new PinRegistrationView(browser);
+    await pinRegistrationView.waitForPinInfo();
+    await pinRegistrationView.pinInfoContinue();
+    await pinRegistrationView.waitForSetPin();
+    await pinRegistrationView.setPin(pin);
+    await pinRegistrationView.waitForConfirmPin();
+    await pinRegistrationView.confirmPin(pin);
+    await registerView.waitForRegisterConfirm();
+    await registerView.confirmRegisterConfirm();
+    await registerView.waitForIdentity();
+    const userNumber = await registerView.registerGetIdentity();
+    await registerView.registerConfirmIdentity();
+    return userNumber;
+  },
+  registerPinWelcomeView: async (
+    browser: WebdriverIO.Browser,
+    pin: string
+  ): Promise<string> => {
+    const welcomeView = new WelcomeView(browser);
+    await welcomeView.waitForDisplay();
+    await welcomeView.register();
+    return await FLOWS.registerPin(browser, pin);
+  },
+  registerPinNewIdentityAuthenticateView: async (
+    pin: string,
+    browser: WebdriverIO.Browser
+  ): Promise<string> => {
+    const authenticateView = new AuthenticateView(browser);
+    await authenticateView.waitForDisplay();
+    await authenticateView.register();
+    return await FLOWS.registerPin(browser, pin);
+  },
   login: async (
     userNumber: string,
     deviceName: string,
@@ -49,15 +93,30 @@ export const FLOWS = {
     await welcomeView.login();
     await welcomeView.typeUserNumber(userNumber);
     await browser.$("button[data-action='continue']").click();
-    // NOTE: depending on the browser, we issue different warnings. On Safari,
-    // the warning comes before the recovery method selector. Since we only
-    // test on Chrome we always expect the recovery selector first.
-    const recoveryMethodSelectorView = new RecoveryMethodSelectorView(browser);
-    await recoveryMethodSelectorView.waitForDisplay();
-    await recoveryMethodSelectorView.skipRecovery();
+    // This flow assumes no recovery phrase, so we explicitly skip the recovery nag here
+    await FLOWS.skipRecoveryNag(browser);
     const mainView = new MainView(browser);
     await mainView.waitForDeviceDisplay(deviceName);
   },
+  loginPin: async (
+    userNumber: string,
+    pin: string,
+    deviceName: string,
+    browser: WebdriverIO.Browser
+  ): Promise<void> => {
+    const welcomeView = new WelcomeView(browser);
+    await welcomeView.waitForDisplay();
+    await welcomeView.login();
+    await welcomeView.typeUserNumber(userNumber);
+    await browser.$("button[data-action='continue']").click();
+    const pinAuthView = new PinAuthView(browser);
+    await pinAuthView.waitForDisplay();
+    await pinAuthView.enterPin(pin);
+    // This flow assumes no recovery phrase, so we explicitly skip the recovery nag here
+    await FLOWS.skipRecoveryNag(browser);
+    const mainView = new MainView(browser);
+    await mainView.waitForTempKeyDisplay(deviceName);
+  },
   addRecoveryMechanismSeedPhrase: async (
     browser: WebdriverIO.Browser
   ): Promise<string> => {
@@ -88,4 +147,37 @@ export const FLOWS = {
 
     return seedPhrase;
   },
+  addFidoDevice: async (browser: WebdriverIO.Browser): Promise<void> => {
+    const mainView = new MainView(browser);
+    await mainView.waitForDisplay();
+    await mainView.addAdditionalDevice();
+    const addRemoteDeviceInstructionsView = new AddRemoteDeviceInstructionsView(
+      browser
+    );
+    await addRemoteDeviceInstructionsView.addFIDODevice();
+
+    await browser.pause(10_000);
+
+    // success page
+    const addDeviceSuccessView = new AddDeviceSuccessView(browser);
+    await addDeviceSuccessView.waitForDisplay();
+    await addDeviceSuccessView.continue();
+  },
+  skipRecoveryNag: async (browser: WebdriverIO.Browser): Promise<void> => {
+    const recoveryMethodSelectorView = new RecoveryMethodSelectorView(browser);
+    await recoveryMethodSelectorView.waitForDisplay();
+    await recoveryMethodSelectorView.skipRecovery();
+  },
+  recoverUsingSeedPhrase: async (
+    browser: WebdriverIO.Browser,
+    recoveryPhrase: string
+  ): Promise<void> => {
+    const welcomeView = new WelcomeView(browser);
+    await welcomeView.recover();
+    const recoveryView = new RecoverView(browser);
+    await recoveryView.waitForSeedInputDisplay();
+    await recoveryView.enterSeedPhrase(recoveryPhrase);
+    await recoveryView.enterSeedPhraseContinue();
+    await recoveryView.skipDeviceEnrollment();
+  },
 };
diff --git a/src/frontend/src/test-e2e/pinAuth.test.ts b/src/frontend/src/test-e2e/pinAuth.test.ts
new file mode 100644
index 0000000000..6c3a12a09b
--- /dev/null
+++ b/src/frontend/src/test-e2e/pinAuth.test.ts
@@ -0,0 +1,173 @@
+import { Principal } from "@dfinity/principal";
+import {
+  DEVICE_NAME1,
+  II_URL,
+  REPLICA_URL,
+  TEST_APP_CANISTER_ID,
+  TEST_APP_NICE_URL,
+} from "./constants";
+import { FLOWS } from "./flows";
+import {
+  addVirtualAuthenticator,
+  runInBrowser,
+  switchToPopup,
+  waitToClose,
+} from "./util";
+import {
+  AuthenticateView,
+  DemoAppView,
+  MainView,
+  PinAuthView,
+  RegisterView,
+  WelcomeView,
+} from "./views";
+
+// The PIN auth feature is only enabled for Apple specific user agents
+const APPLE_USER_AGENT =
+  "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36";
+
+// Sample user agent for Edge on Windows
+const EDGE_USER_AGENT =
+  "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/116.0.1938.81";
+
+const DEFAULT_PIN_DEVICE_NAME = "Chrome on Mac OS";
+
+test("PIN registration not enabled on non-Apple device", async () => {
+  await runInBrowser(async (browser: WebdriverIO.Browser) => {
+    await browser.url(II_URL);
+    const welcomeView = new WelcomeView(browser);
+    await welcomeView.waitForDisplay();
+    await welcomeView.register();
+    const registerView = new RegisterView(browser);
+    await registerView.waitForDisplay();
+    await registerView.assertPinRegistrationNotShown();
+  }, EDGE_USER_AGENT);
+}, 300_000);
+
+test("Register and Log in with PIN identity", async () => {
+  await runInBrowser(async (browser: WebdriverIO.Browser) => {
+    const pin = "123456";
+
+    await browser.url(II_URL);
+    const userNumber = await FLOWS.registerPinWelcomeView(browser, pin);
+    const mainView = new MainView(browser);
+    await mainView.waitForDisplay(); // we should be logged in
+    await mainView.waitForTempKeyDisplay(DEFAULT_PIN_DEVICE_NAME);
+    await mainView.logout();
+    await FLOWS.loginPin(userNumber, pin, DEFAULT_PIN_DEVICE_NAME, browser);
+  }, APPLE_USER_AGENT);
+}, 300_000);
+
+test("Register and log in with PIN identity, retry on wrong PIN", async () => {
+  await runInBrowser(async (browser: WebdriverIO.Browser) => {
+    const pin = "123456";
+    const wrongPin = "456321";
+
+    await browser.url(II_URL);
+    const userNumber = await FLOWS.registerPinWelcomeView(browser, pin);
+    const mainView = new MainView(browser);
+    await mainView.waitForDisplay(); // we should be logged in
+    await mainView.logout();
+
+    const welcomeView = new WelcomeView(browser);
+    await welcomeView.waitForDisplay();
+    await welcomeView.login();
+    await welcomeView.typeUserNumber(userNumber);
+    await browser.$("button[data-action='continue']").click();
+    const pinAuthView = new PinAuthView(browser);
+    await pinAuthView.waitForDisplay();
+    await pinAuthView.enterPin(wrongPin);
+    await pinAuthView.waitForError();
+    await pinAuthView.enterPin(pin);
+
+    // NOTE: handle recovery nag because there is no recovery phrase
+    await FLOWS.skipRecoveryNag(browser);
+    const mainView2 = new MainView(browser);
+    await mainView2.waitForDisplay(); // we should be logged in
+  }, APPLE_USER_AGENT);
+}, 300_000);
+
+test("Should not prompt for PIN after deleting temp key", async () => {
+  await runInBrowser(async (browser: WebdriverIO.Browser) => {
+    const pin = "123456";
+    await addVirtualAuthenticator(browser);
+
+    await browser.url(II_URL);
+    const userNumber = await FLOWS.registerPinWelcomeView(browser, pin);
+    const mainView = new MainView(browser);
+    await mainView.waitForDisplay(); // we should be logged in
+    await mainView.waitForTempKeyDisplay(DEFAULT_PIN_DEVICE_NAME);
+    await FLOWS.addFidoDevice(browser);
+
+    await mainView.waitForDisplay();
+    await mainView.remove(DEFAULT_PIN_DEVICE_NAME);
+    await browser.waitUntil(() => browser.isAlertOpen());
+    // this is equivalent to logout as we are deleting the device that was used for authentication
+    await browser.acceptAlert();
+
+    // login now happens using the WebAuthn flow
+    await FLOWS.login(userNumber, DEVICE_NAME1, browser);
+  }, APPLE_USER_AGENT);
+}, 300_000);
+
+test("Log into client application using PIN registration flow", async () => {
+  await runInBrowser(async (browser: WebdriverIO.Browser) => {
+    const pin = "123456";
+
+    const demoAppView = new DemoAppView(browser);
+    await demoAppView.open(TEST_APP_NICE_URL, II_URL);
+    await demoAppView.waitForDisplay();
+    expect(await demoAppView.getPrincipal()).toBe(
+      Principal.anonymous().toText()
+    );
+    await demoAppView.signin();
+    await switchToPopup(browser);
+    await FLOWS.registerPinNewIdentityAuthenticateView(pin, browser);
+    await waitToClose(browser);
+    await demoAppView.waitForDisplay();
+    const principal = await demoAppView.getPrincipal();
+    expect(principal).not.toBe(Principal.anonymous().toText());
+
+    expect(await demoAppView.whoami(REPLICA_URL, TEST_APP_CANISTER_ID)).toBe(
+      principal
+    );
+
+    // default value
+    const exp = await browser.$("#expiration").getText();
+    expect(Number(exp) / (8 * 60 * 60_000_000_000)).toBeCloseTo(1);
+  }, APPLE_USER_AGENT);
+}, 300_000);
+
+test("Register with PIN then log into client application", async () => {
+  await runInBrowser(async (browser: WebdriverIO.Browser) => {
+    const pin = "123456";
+
+    await browser.url(II_URL);
+    const userNumber = await FLOWS.registerPinWelcomeView(browser, pin);
+
+    const demoAppView = new DemoAppView(browser);
+    await demoAppView.open(TEST_APP_NICE_URL, II_URL);
+    await demoAppView.waitForDisplay();
+    expect(await demoAppView.getPrincipal()).toBe(
+      Principal.anonymous().toText()
+    );
+    await demoAppView.signin();
+
+    await switchToPopup(browser);
+
+    const authenticateView = new AuthenticateView(browser);
+    await authenticateView.waitForDisplay();
+    await authenticateView.pickAnchor(userNumber);
+
+    const pinAuthView = new PinAuthView(browser);
+    await pinAuthView.waitForDisplay();
+    await pinAuthView.enterPin(pin);
+
+    await FLOWS.skipRecoveryNag(browser);
+    await waitToClose(browser);
+
+    await demoAppView.waitForDisplay();
+    const principal = await demoAppView.getPrincipal();
+    expect(principal).not.toBe(Principal.anonymous().toText());
+  }, APPLE_USER_AGENT);
+}, 300_000);
diff --git a/src/frontend/src/test-e2e/recovery/index.test.ts b/src/frontend/src/test-e2e/recovery/index.test.ts
index 63afadd5c0..328d82b3ab 100644
--- a/src/frontend/src/test-e2e/recovery/index.test.ts
+++ b/src/frontend/src/test-e2e/recovery/index.test.ts
@@ -1,6 +1,6 @@
 import { FLOWS } from "../flows";
 import { addVirtualAuthenticator, runInBrowser } from "../util";
-import { MainView, RecoverView, WelcomeView } from "../views";
+import { MainView } from "../views";
 
 import { DEVICE_NAME1, II_URL } from "../constants";
 
@@ -18,13 +18,7 @@ test("Recover with phrase", async () => {
     await mainView.waitForDisplay();
     await mainView.logout();
 
-    const welcomeView = new WelcomeView(browser);
-    await welcomeView.recover();
-    const recoveryView = new RecoverView(browser);
-    await recoveryView.waitForSeedInputDisplay();
-    await recoveryView.enterSeedPhrase(seedPhrase);
-    await recoveryView.enterSeedPhraseContinue();
-    await recoveryView.skipDeviceEnrollment();
+    await FLOWS.recoverUsingSeedPhrase(browser, seedPhrase);
     await mainView.waitForDeviceDisplay(DEVICE_NAME1);
   });
 }, 300_000);
diff --git a/src/frontend/src/test-e2e/recovery/reset.test.ts b/src/frontend/src/test-e2e/recovery/reset.test.ts
index 2efdd5f411..60e19507fa 100644
--- a/src/frontend/src/test-e2e/recovery/reset.test.ts
+++ b/src/frontend/src/test-e2e/recovery/reset.test.ts
@@ -1,6 +1,6 @@
 import { FLOWS } from "../flows";
 import { addVirtualAuthenticator, runInBrowser } from "../util";
-import { MainView, RecoverView, WelcomeView } from "../views";
+import { MainView } from "../views";
 
 import { DEVICE_NAME1, II_URL, RECOVERY_PHRASE_NAME } from "../constants";
 
@@ -14,7 +14,7 @@ test("Reset recovery phrase", async () => {
     await FLOWS.addRecoveryMechanismSeedPhrase(browser);
     await mainView.waitForDisplay();
 
-    await mainView.waitForDeviceDisplay(RECOVERY_PHRASE_NAME);
+    await mainView.waitForRecoveryDisplay(RECOVERY_PHRASE_NAME);
 
     // Ensure the settings dropdown is in view
     await browser.execute("window.scrollTo(0, document.body.scrollHeight)");
@@ -52,13 +52,7 @@ test("Recover access, after reset", async () => {
     await mainView.logout();
 
     // Recover with new phrase
-    const welcomeView = new WelcomeView(browser);
-    await welcomeView.recover();
-    const recoveryView = new RecoverView(browser);
-    await recoveryView.waitForSeedInputDisplay();
-    await recoveryView.enterSeedPhrase(seedPhrase);
-    await recoveryView.enterSeedPhraseContinue();
-    await recoveryView.skipDeviceEnrollment();
+    await FLOWS.recoverUsingSeedPhrase(browser, seedPhrase);
     await mainView.waitForDeviceDisplay(DEVICE_NAME1);
   });
 }, 300_000);
@@ -91,13 +85,7 @@ test("Canceling reset keeps old phrase", async () => {
     await mainView.logout();
 
     // Recover with old phrase
-    const welcomeView = new WelcomeView(browser);
-    await welcomeView.recover();
-    const recoveryView = new RecoverView(browser);
-    await recoveryView.waitForSeedInputDisplay();
-    await recoveryView.enterSeedPhrase(seedPhrase);
-    await recoveryView.enterSeedPhraseContinue();
-    await recoveryView.skipDeviceEnrollment();
+    await FLOWS.recoverUsingSeedPhrase(browser, seedPhrase);
     await mainView.waitForDeviceDisplay(DEVICE_NAME1);
   });
 }, 300_000);
@@ -116,13 +104,7 @@ test("Reset unprotected recovery phrase, when authenticated with phrase", async
     await mainView.waitForDisplay();
     await mainView.logout();
 
-    const welcomeView = new WelcomeView(browser);
-    await welcomeView.recover();
-    const recoveryView = new RecoverView(browser);
-    await recoveryView.waitForSeedInputDisplay();
-    await recoveryView.enterSeedPhrase(seedPhrase);
-    await recoveryView.enterSeedPhraseContinue();
-    await recoveryView.skipDeviceEnrollment();
+    await FLOWS.recoverUsingSeedPhrase(browser, seedPhrase);
     await mainView.waitForDeviceDisplay(DEVICE_NAME1);
 
     // Ensure the settings dropdown is in view
diff --git a/src/frontend/src/test-e2e/register.test.ts b/src/frontend/src/test-e2e/register.test.ts
index 2b12fe27bb..a9da59c333 100644
--- a/src/frontend/src/test-e2e/register.test.ts
+++ b/src/frontend/src/test-e2e/register.test.ts
@@ -8,13 +8,7 @@ import {
   switchToPopup,
   waitToClose,
 } from "./util";
-import {
-  AuthenticateView,
-  DemoAppView,
-  MainView,
-  RecoveryMethodSelectorView,
-  WelcomeView,
-} from "./views";
+import { AuthenticateView, DemoAppView, MainView, WelcomeView } from "./views";
 
 // Read canister ids from the corresponding dfx files.
 // This assumes that they have been successfully dfx-deployed
@@ -102,9 +96,7 @@ test("Register first then log into client application", async () => {
     const authenticateView = new AuthenticateView(browser);
     await authenticateView.waitForDisplay();
     await authenticateView.pickAnchor(userNumber);
-    const recoveryMethodSelectorView = new RecoveryMethodSelectorView(browser);
-    await recoveryMethodSelectorView.waitForDisplay();
-    await recoveryMethodSelectorView.skipRecovery();
+    await FLOWS.skipRecoveryNag(browser);
     await waitToClose(browser);
     await demoAppView.waitForDisplay();
     const principal = await demoAppView.getPrincipal();
diff --git a/src/frontend/src/test-e2e/util.ts b/src/frontend/src/test-e2e/util.ts
index 95c8c9eb65..603fbdc748 100644
--- a/src/frontend/src/test-e2e/util.ts
+++ b/src/frontend/src/test-e2e/util.ts
@@ -1,4 +1,5 @@
 import { randomString, wrapError } from "$src/utils/utils";
+import { nonNullish } from "@dfinity/utils";
 import { ChromeOptions } from "@wdio/types/build/Capabilities";
 import * as fs from "fs";
 import * as fsasync from "fs/promises";
@@ -25,7 +26,8 @@ export async function runInBrowser(
   test: (
     browser: WebdriverIO.Browser,
     runConfig: RunConfiguration
-  ) => Promise<void>
+  ) => Promise<void>,
+  userAgent?: string
 ): Promise<void> {
   // parse run configuration from environment variables
   const runConfig = parseRunConfiguration();
@@ -34,6 +36,7 @@ export async function runInBrowser(
     args: [
       "--ignore-certificate-errors", // allow self-signed certificates
       "--disable-gpu",
+      ...(nonNullish(userAgent) ? [`--user-agent=${userAgent}`] : []),
     ],
 
     // Disables permission prompt for clipboard, needed for tests using the clipboard (without this,
diff --git a/src/frontend/src/test-e2e/views.ts b/src/frontend/src/test-e2e/views.ts
index 339504dd21..247657d6fc 100644
--- a/src/frontend/src/test-e2e/views.ts
+++ b/src/frontend/src/test-e2e/views.ts
@@ -71,6 +71,10 @@ export class RegisterView extends View {
     await this.browser.$('[data-action="construct-identity"').click();
   }
 
+  async createPin(): Promise<void> {
+    await this.browser.$('[data-action="construct-pin-identity"').click();
+  }
+
   // View: Register confirmation
   async waitForRegisterConfirm(): Promise<void> {
     await this.browser
@@ -105,15 +109,80 @@ export class RegisterView extends View {
   async registerConfirmIdentity(): Promise<void> {
     await this.browser.$("#displayUserContinue").click();
   }
+
+  async assertPinRegistrationNotShown(): Promise<void> {
+    await this.browser
+      .$('[data-action="construct-pin-identity"')
+      .waitForDisplayed({ reverse: true });
+  }
 }
 
-export class RecoveryMethodSelectorView extends View {
-  async waitForDisplay(): Promise<void> {
+export class PinRegistrationView extends View {
+  async waitForPinInfo(): Promise<void> {
     await this.browser
-      .$('[data-action="cancel"]')
+      .$('[data-action="continue-pin"]')
       .waitForDisplayed({ timeout: 10_000 });
   }
 
+  async pinInfoContinue(): Promise<void> {
+    await this.browser.$('[data-action="continue-pin"').click();
+  }
+  async waitForSetPin(): Promise<void> {
+    await this.browser
+      .$('[data-role="set-pin"]')
+      .waitForDisplayed({ timeout: 10_000 });
+  }
+
+  async setPin(pin: string): Promise<void> {
+    const inputs = await this.browser.$('[data-role="set-pin"]').$$("input");
+    for (const [input, digit] of zip(inputs, pin.split(""))) {
+      await input.setValue(digit);
+    }
+  }
+  async waitForConfirmPin(): Promise<void> {
+    await this.browser
+      .$('[data-role="confirm-pin"]')
+      .waitForDisplayed({ timeout: 10_000 });
+  }
+
+  async confirmPin(pin: string): Promise<void> {
+    const inputs = await this.browser
+      .$('[data-role="confirm-pin"]')
+      .$$("input");
+    for (const [input, digit] of zip(inputs, pin.split(""))) {
+      await input.setValue(digit);
+    }
+  }
+}
+
+export class PinAuthView extends View {
+  private readonly ERROR_SELECTOR = '[data-haserror="true"]';
+  async waitForDisplay(): Promise<void> {
+    await this.browser
+      .$('[data-role="pin"]')
+      .waitForDisplayed({ timeout: 5_000 });
+  }
+
+  async enterPin(pin: string): Promise<void> {
+    const inputs = await this.browser.$('[data-role="pin"]').$$("input");
+    for (const [input, digit] of zip(inputs, pin.split(""))) {
+      await input.setValue(digit);
+    }
+  }
+
+  async waitForError(): Promise<void> {
+    await this.browser
+      .$(this.ERROR_SELECTOR)
+      .waitForDisplayed({ timeout: 5_000 });
+  }
+}
+
+export class RecoveryMethodSelectorView extends View {
+  private readonly SELECTOR = '[data-page="add-recovery-phrase"]';
+  async waitForDisplay(): Promise<void> {
+    await this.browser.$(this.SELECTOR).waitForExist();
+  }
+
   async waitForSeedPhrase(): Promise<void> {
     await this.browser
       .$('[data-role="recovery-words"]')
@@ -190,7 +259,9 @@ export class MainView extends View {
   }
 
   async waitForDeviceCount(deviceName: string, count: number): Promise<void> {
-    const elems = await this.browser.$$(`//li[@data-device="${deviceName}"]`);
+    const elems = await this.browser.$$(
+      `//aside[@data-role="passkeys"]//li[@data-device="${deviceName}"]`
+    );
     if (elems.length !== count) {
       throw Error("Bad number of elements");
     }
@@ -198,14 +269,20 @@ export class MainView extends View {
 
   async waitForDeviceDisplay(deviceName: string): Promise<void> {
     await this.browser
-      .$(`//li[@data-device="${deviceName}"]`)
+      .$(`//aside[@data-role="passkeys"]//li[@data-device="${deviceName}"]`)
       .waitForDisplayed({ timeout: 10_000 });
   }
 
-  async waitForDeviceNotDisplay(deviceName: string): Promise<void> {
+  async waitForRecoveryDisplay(deviceName: string): Promise<void> {
     await this.browser
-      .$(`//li[@data-device="${deviceName}"]`)
-      .waitForDisplayed({ timeout: 10_000, reverse: true });
+      .$(`//aside[@data-role="recoveries"]//li[@data-device="${deviceName}"]`)
+      .waitForDisplayed({ timeout: 10_000 });
+  }
+
+  async waitForTempKeyDisplay(deviceName: string): Promise<void> {
+    await this.browser
+      .$(`//aside[@data-role="temp-keys"]//li[@data-device="${deviceName}"]`)
+      .waitForDisplayed({ timeout: 10_000 });
   }
 
   async addAdditionalDevice(): Promise<void> {
@@ -236,6 +313,11 @@ export class MainView extends View {
     await renameView.submit();
   }
 
+  async remove(deviceName: string): Promise<void> {
+    await this.openDeviceActions({ deviceName });
+    await this.deviceAction({ deviceName, action: "remove" }).click();
+  }
+
   async protect(deviceName: string, seedPhrase: string): Promise<void> {
     await this.openDeviceActions({ deviceName });
     await this.deviceAction({ deviceName, action: "protect" }).click();
diff --git a/src/frontend/src/utils/iiConnection.ts b/src/frontend/src/utils/iiConnection.ts
index 17c0b4f37c..f3dece5ce1 100644
--- a/src/frontend/src/utils/iiConnection.ts
+++ b/src/frontend/src/utils/iiConnection.ts
@@ -7,6 +7,7 @@ import {
   AnchorCredentials,
   Challenge,
   ChallengeResult,
+  CredentialId,
   DeviceData,
   DeviceKey,
   FrontendHostname,
@@ -41,7 +42,6 @@ import {
 import { Principal } from "@dfinity/principal";
 import { isNullish, nonNullish } from "@dfinity/utils";
 import * as tweetnacl from "tweetnacl";
-import { authenticatorAttachmentToKeyType } from "./authenticatorAttachment";
 import { MultiWebAuthnIdentity } from "./multiWebAuthnIdentity";
 import { RecoveryDevice, isRecoveryDevice } from "./recoveryDevice";
 import { isWebAuthnCancel } from "./webAuthnErrorUtils";
@@ -126,11 +126,15 @@ export class Connection {
   register = async ({
     identity,
     tempIdentity,
+    credentialId,
+    keyType,
     alias,
     challengeResult,
   }: {
-    identity: IIWebAuthnIdentity;
+    identity: SignIdentity;
     tempIdentity: SignIdentity;
+    credentialId?: CredentialId;
+    keyType: KeyType;
     alias: string;
     challengeResult: ChallengeResult;
   }): Promise<RegisterResult> => {
@@ -149,7 +153,6 @@ export class Connection {
     }
 
     const actor = await this.createActor(delegationIdentity);
-    const credential_id = Array.from(new Uint8Array(identity.rawId));
     const pubkey = Array.from(new Uint8Array(identity.getPublicKey().toDer()));
 
     let registerResponse: RegisterResponse;
@@ -158,10 +161,8 @@ export class Connection {
         {
           alias,
           pubkey,
-          credential_id: [credential_id],
-          key_type: authenticatorAttachmentToKeyType(
-            identity.getAuthenticatorAttachment()
-          ),
+          credential_id: credentialId ? [credentialId] : [],
+          key_type: keyType,
           purpose: { authentication: null },
           protection: { unprotected: null },
           origin: readDeviceOrigin(),
@@ -286,17 +287,22 @@ export class Connection {
   fromIdentity = async (
     userNumber: bigint,
     identity: SignIdentity
-  ): Promise<AuthenticatedConnection> => {
+  ): Promise<LoginSuccess> => {
     const delegationIdentity = await this.requestFEDelegation(identity);
     const actor = await this.createActor(delegationIdentity);
 
-    return new AuthenticatedConnection(
+    const connection = new AuthenticatedConnection(
       this.canisterId,
       identity,
       delegationIdentity,
       userNumber,
       actor
     );
+    return {
+      kind: "loginSuccess",
+      userNumber,
+      connection,
+    };
   };
 
   fromSeedPhrase = async (
diff --git a/src/frontend/test-setup.ts b/src/frontend/test-setup.ts
index 897d3d162c..6af69e49aa 100644
--- a/src/frontend/test-setup.ts
+++ b/src/frontend/test-setup.ts
@@ -1,3 +1,4 @@
+import indexeddb from "fake-indexeddb";
 import { TextEncoder } from "util";
 import { vi } from "vitest";
 
@@ -50,3 +51,4 @@ global.crypto = require("crypto").webcrypto;
 // eslint-disable-next-line
 global.CryptoKey = require("crypto").webcrypto.CryptoKey;
 global.TextEncoder = TextEncoder;
+global.indexedDB = indexeddb;
diff --git a/src/showcase/src/flows.ts b/src/showcase/src/flows.ts
index 3954f2f4ae..d4530ab2be 100644
--- a/src/showcase/src/flows.ts
+++ b/src/showcase/src/flows.ts
@@ -1,9 +1,23 @@
 import { authenticateBoxFlow } from "$src/components/authenticateBox";
+import { withLoader } from "$src/components/loader";
 import { toast } from "$src/components/toast";
 import { registerFlow, RegisterFlowOpts } from "$src/flows/register";
 import { html, render, TemplateResult } from "lit-html";
 import { dummyChallenge, i18n, manageTemplates } from "./showcase";
 
+const registerSuccessToastTemplate = (result: unknown) => html`
+  Identity successfully created!<br />
+  <p class="l-stack">
+    <strong class="t-strong">${prettyResult(result)}</strong>
+  </p>
+  <button
+    class="l-stack c-button c-button--secondary"
+    @click=${() => window.location.reload()}
+  >
+    reload
+  </button>
+`;
+
 export const flowsPage = () => {
   document.title = "Flows";
   const container = document.getElementById("pageContent") as HTMLElement;
@@ -28,18 +42,24 @@ const registerFlowOpts: RegisterFlowOpts<null> = {
     };
   },
   registrationAllowed: true,
+  storePinIdentity: () => {
+    toast.info("PIN identity was stored");
+    return Promise.resolve();
+  },
+  pinAllowed: () => Promise.resolve(false),
+  uaParser: Promise.resolve(undefined),
 } as const;
 
 export const iiFlows: Record<string, () => void> = {
   loginManage: async () => {
-    const result = await authenticateBoxFlow<null>({
+    const result = await authenticateBoxFlow<null, "identity">({
       i18n,
       templates: manageTemplates,
       addDevice: () => {
         toast.info(html`Added device`);
         return Promise.resolve({ alias: "My Device" });
       },
-      login: async () => {
+      loginPasskey: async () => {
         await new Promise((resolve) => setTimeout(resolve, 2000));
         toast.info(html`Logged in`);
         return Promise.resolve({
@@ -48,6 +68,25 @@ export const iiFlows: Record<string, () => void> = {
           connection: null,
         });
       },
+      loginPinIdentityMaterial: async ({ pin }) => {
+        toast.info(html`Valid PIN is '123456'`);
+        await withLoader(
+          () => new Promise((resolve) => setTimeout(resolve, 2000))
+        );
+        if (pin !== "123456") {
+          return Promise.resolve({
+            tag: "err",
+            title: "Invalid PIN",
+            message: "Invalid PIN",
+          });
+        }
+        toast.info(html`Logged in`);
+        return Promise.resolve({
+          tag: "ok",
+          userNumber: BigInt(1234),
+          connection: null,
+        });
+      },
       recover: () => {
         toast.info(html`Recovered`);
         return Promise.resolve({
@@ -56,6 +95,18 @@ export const iiFlows: Record<string, () => void> = {
           connection: null,
         });
       },
+      retrievePinIdentityMaterial: ({ userNumber }) => {
+        toast.info(
+          html`Looking up identity for ${userNumber} (pretending only 10000 has
+          pin identity)`
+        );
+
+        if (userNumber !== BigInt(10000)) {
+          return Promise.resolve(undefined);
+        }
+
+        return Promise.resolve("identity");
+      },
       registerFlowOpts,
     });
     toast.success(html`
@@ -73,19 +124,14 @@ export const iiFlows: Record<string, () => void> = {
   },
   register: async () => {
     const result = await registerFlow<null>(registerFlowOpts);
-
-    toast.success(html`
-      Identity successfully created!<br />
-      <p class="l-stack">
-        <strong class="t-strong">${prettyResult(result)}</strong>
-      </p>
-      <button
-        class="l-stack c-button c-button--secondary"
-        @click=${() => window.location.reload()}
-      >
-        reload
-      </button>
-    `);
+    toast.success(registerSuccessToastTemplate(result));
+  },
+  registerWithPin: async () => {
+    const result = await registerFlow<null>({
+      ...registerFlowOpts,
+      pinAllowed: () => Promise.resolve(true),
+    });
+    toast.success(registerSuccessToastTemplate(result));
   },
 };
 
diff --git a/src/showcase/src/pages/[page].astro b/src/showcase/src/pages/[page].astro
index 2bc8a8d9cc..ae8d258c2b 100644
--- a/src/showcase/src/pages/[page].astro
+++ b/src/showcase/src/pages/[page].astro
@@ -3,6 +3,7 @@ import Layout from "../layouts/Layout.astro";
 import "$src/styles/main.css";
 export const iiPageNames = [
   "displayUserNumber",
+  "displayUserNumberTempKey",
   "compatibilityNotice",
   "promptDeviceAlias",
   "authorizeNew",
@@ -28,11 +29,13 @@ export const iiPageNames = [
   "savePasskeyWithPin",
   "promptCaptcha",
   "promptCaptchaReady",
+  "pinInfo",
   "setPin",
   "confirmPin",
   "usePin",
   "displayManage",
   "displayManageSingle",
+  "displayManageTempKey",
   "pollForTentativeDevicePage",
   "deviceRegistrationDisabledInfo",
   "showVerificationCode",
@@ -51,6 +54,8 @@ export const iiPageNames = [
   "showMessage",
   "showSpinner",
   "addDeviceSuccess",
+  "vcPrompt",
+  "vcSelect",
 ];
 
 export function getStaticPaths() {
diff --git a/src/showcase/src/pages/flows/[flow].astro b/src/showcase/src/pages/flows/[flow].astro
index 1e6e7a5f2e..d70cdfb031 100644
--- a/src/showcase/src/pages/flows/[flow].astro
+++ b/src/showcase/src/pages/flows/[flow].astro
@@ -2,7 +2,7 @@
 import Layout from "../../layouts/Layout.astro";
 import "$src/styles/main.css";
 
-export const iiFlowNames = ["loginManage", "register"];
+export const iiFlowNames = ["loginManage", "register", "registerWithPin"];
 export function getStaticPaths() {
   return iiFlowNames.map((flow) => ({ params: { flow } }));
 }
diff --git a/src/showcase/src/showcase.ts b/src/showcase/src/showcase.ts
index 7bfba524d6..3a771eb3ab 100644
--- a/src/showcase/src/showcase.ts
+++ b/src/showcase/src/showcase.ts
@@ -31,7 +31,9 @@ import {
   resetPhraseInfoPage,
   unprotectDeviceInfoPage,
 } from "$src/flows/manage/deviceSettings";
+import { tempKeyWarningBox } from "$src/flows/manage/tempKeys";
 import { confirmPinPage } from "$src/flows/pin/confirmPin";
+import { pinInfoPage } from "$src/flows/pin/pinInfo";
 import { setPinPage } from "$src/flows/pin/setPin";
 import { usePinPage } from "$src/flows/pin/usePin";
 import {
@@ -156,6 +158,15 @@ export const iiPages: Record<string, () => void> = {
       identityBackground,
       userNumber,
       onContinue: () => console.log("done"),
+      stepper: registerStepper({ current: "finish" }),
+    }),
+  displayUserNumberTempKey: () =>
+    displayUserNumberPage({
+      identityBackground,
+      userNumber,
+      onContinue: () => console.log("done"),
+      stepper: registerStepper({ current: "finish" }),
+      marketingIntroSlot: tempKeyWarningBox({ i18n: new I18n("en") }),
     }),
   compatibilityNotice: () => compatibilityNotice("This is the reason."),
   promptDeviceAlias: () =>
@@ -349,6 +360,12 @@ export const iiPages: Record<string, () => void> = {
       onContinue: () => console.log("Done"),
       i18n,
     }),
+  pinInfo: () =>
+    pinInfoPage({
+      i18n,
+      onContinue: () => console.log("continue"),
+      cancel: () => console.log("cancel"),
+    }),
   setPin: () =>
     setPinPage({
       i18n,
@@ -361,12 +378,26 @@ export const iiPages: Record<string, () => void> = {
       onContinue: () => console.log("PIN confirmed"),
       expectedPin: "123456",
       cancel: () => console.log("cancel"),
+      retry: () => console.log("retry"),
     }),
   usePin: () =>
     usePinPage({
+      verify: (pin: string) => {
+        toast.info(`submitted pin: '${pin}'`);
+        if (pin !== "123456") {
+          toast.info("correct pin is '123456'");
+          return Promise.resolve({ ok: false, error: "Invalid PIN" });
+        }
+        return Promise.resolve({
+          ok: true,
+          value: pin,
+        });
+      },
       i18n,
       onContinue: (pin) =>
-        toast.info(html`PIN: <strong class="t-strong">${pin}</strong>`),
+        toast.success(
+          html`Success, PIN: <strong class="t-strong">${pin}</strong>`
+        ),
       onUsePasskey: () => toast.info("Requested to use passkey"),
       cancel: () => toast.info("Canceled"),
     }),
@@ -400,6 +431,7 @@ export const iiPages: Record<string, () => void> = {
             reset: () => Promise.resolve(),
           },
         },
+        pinAuthenticators: [],
       },
       onAddDevice: () => {
         console.log("add device requested");
@@ -428,6 +460,7 @@ export const iiPages: Record<string, () => void> = {
           },
         ],
         recoveries: {},
+        pinAuthenticators: [],
       },
       onAddDevice: () => {
         console.log("add device requested");
@@ -444,48 +477,40 @@ export const iiPages: Record<string, () => void> = {
       },
     });
   },
-
-  prompt: () =>
-    promptPage({
-      _i18n: i18n,
-      userNumber: BigInt(1234),
-      knownDapp: openChat,
-      cancel: () => console.log("cancel"),
-    }),
-  select: () =>
-    selectPage({
-      _i18n: i18n,
-      userNumber: BigInt(1234),
-      relying: { dapp: openChat, reason: "you hold an 8 year neuron" },
-      verify: async (dapp) => {
-        console.log("Verifying through " + dapp.name + "...");
-
-        // Hacky button to resolve the fake promise
-        await new Promise<void>((resolve) => {
-          const closeBtn = document.createElement("button");
-          closeBtn.onclick = () => {
-            closeBtn.remove();
-            resolve();
-          };
-          closeBtn.classList.add("c-button");
-          closeBtn.style.position = "absolute";
-          closeBtn.style.inset = "0 0 auto auto";
-          closeBtn.style.width = "fit-content";
-          closeBtn.style.fontSize = "10px";
-          closeBtn.style.padding = "2px 4px";
-          closeBtn.style.marginTop = "0";
-          closeBtn.innerText = "done";
-          closeBtn.dataset.role = "done";
-          document.body.appendChild(closeBtn);
-        });
-        console.log("Done.");
+  displayManageTempKey: () => {
+    displayManagePage({
+      identityBackground,
+      userNumber,
+      devices: {
+        authenticators: [],
+        recoveries: {},
+        pinAuthenticators: [
+          {
+            alias: "Chrome on iPhone",
+            rename: () => console.log("rename"),
+            remove: () => console.log("remove"),
+          },
+        ],
       },
-
-      providers: [nnsDapp, juno],
-      onContinue: (res) => {
-        console.log("Received result", res);
+      onAddDevice: () => {
+        console.log("add device requested");
       },
-    }),
+      addRecoveryPhrase: () => {
+        console.log("add recovery phrase");
+      },
+      addRecoveryKey: () => {
+        console.log("add recovery key");
+      },
+      dapps,
+      exploreDapps: () => {
+        console.log("explore dapps");
+      },
+      tempKeysWarning: {
+        tag: "add_recovery",
+        action: () => console.log("add recovery phrase"),
+      },
+    });
+  },
   pollForTentativeDevicePage: () =>
     pollForTentativeDevicePage({
       cancel: () => console.log("canceled"),
@@ -612,6 +637,47 @@ export const iiPages: Record<string, () => void> = {
       deviceAlias: chromeDevice.alias,
       onContinue: () => console.log("Continue"),
     }),
+  vcPrompt: () =>
+    promptPage({
+      _i18n: i18n,
+      userNumber: BigInt(1234),
+      knownDapp: openChat,
+      cancel: () => console.log("cancel"),
+    }),
+  vcSelect: () =>
+    selectPage({
+      _i18n: i18n,
+      userNumber: BigInt(1234),
+      relying: { dapp: openChat, reason: "you hold an 8 year neuron" },
+      verify: async (dapp) => {
+        console.log("Verifying through " + dapp.name + "...");
+
+        // Hacky button to resolve the fake promise
+        await new Promise<void>((resolve) => {
+          const closeBtn = document.createElement("button");
+          closeBtn.onclick = () => {
+            closeBtn.remove();
+            resolve();
+          };
+          closeBtn.classList.add("c-button");
+          closeBtn.style.position = "absolute";
+          closeBtn.style.inset = "0 0 auto auto";
+          closeBtn.style.width = "fit-content";
+          closeBtn.style.fontSize = "10px";
+          closeBtn.style.padding = "2px 4px";
+          closeBtn.style.marginTop = "0";
+          closeBtn.innerText = "done";
+          closeBtn.dataset.role = "done";
+          document.body.appendChild(closeBtn);
+        });
+        console.log("Done.");
+      },
+
+      providers: [nnsDapp, juno],
+      onContinue: (res) => {
+        console.log("Received result", res);
+      },
+    }),
 };
 
 const showcase: TemplateResult = html`