Login: Portable identity in Web3 requires a native crypto solution, says Weiwu Zhang, co-founder of AlphaWallet.
Before reading this, think about how many times you have been asked to sign in or out of an online space today. Chances are you’re reading these words on a browser, website, or app that at some point has asked you to register and/or log in.
In Web2, we constantly log in or out of different environments before we can read, shop, play games, or communicate. Watching a video requires a set of credentials; checking emails or social media accounts requires another one. Something as simple as looking up flight details might require two or three different sets of credentials.
The repetitive identity verification and re-verification process we have to navigate through in Web2 isn’t just tedious. It’s indicative of a much deeper infrastructure problem that will ultimately prevent the realization of a fully trained and intelligent Web3 that can autonomously collect and synthesize information in response to our questions.
Universal connection is not the solution
A commonly proposed way to simplify navigating the disparate infrastructure of the Internet is to create a kind of “universal login”: a single set of credentials that can be used seamlessly across all online platforms. . Although such a solution may make the experience of using Web2 more convenient, it does not solve the underlying problem.
The problem with a universal login solution isn’t the type of information needed to login – it’s the need to login in the first place.
We all hate going online! If we’re creating a truly intelligent Internet that delivers on Web3’s promise of user control over personal data, we must first redesign the everyday experience.
We need to eliminate the connection that links user data to third parties. Instead, we base our interactions on two of blockchain’s most promising innovations: smart tokens and the smart contracts that underpin them. By using these flexible and decentralized tools, we can elevate the level of trust beyond the user-website pair, making the need to log in and out obsolete.
Identity and infrastructure in Web3
The concept of identity in Web3 has been a hot topic for some time, perhaps due to the central role it plays in Web2. In today’s Internet, identity offers users the keys to the kingdom: to access the centralized walled gardens that dominate the online world, we must first provide our names, email addresses, birth and other personal data.
Not only does this identity verification model give Google, Facebook, Apple, and others access and power over our information, it leads to a host of other problems, including lack of interoperability. In Web2’s fragmented infrastructure, the tangible and intangible assets we build on each platform are not transferable. Everything we are, create, buy or receive on any given platform is chained to that platform forever. It also poses a significant security risk: if we lose access to our accounts for any reason, we also lose access to all assets linked to those accounts, including our online identities themselves.
A universal login mechanism?
It is tempting to think that the introduction of a universal login mechanism would solve all these problems. After all, if we could use a unique identifier on the Internet, wouldn’t that eliminate the logistical barriers between websites and online applications?
Maybe to some extent it would be. But a universal login solution alone would not topple the barricades between the walled gardens of Web2. It would simply act as a skeleton key that fits everyone’s doors. Because these environments would remain centralized and separate, identity verification and re-verification points would continue to impede the flow of information and action across the web.
A truly intelligent and integrated Internet will only be possible with a mechanism that allows users to move freely and engage with applications without needing to log on. It’s there that smart tokens and smart contracts get in the game.
Token-Based Identity Authentication in Action
If you’re reading this, chances are you already know what smart contracts are: blockchain-based pieces of code that execute when pre-determined conditions are met. Like smart contacts, smart tokens also live on a blockchain. They are also smart, programmable, and able to store data – including identity – in a way easily accessed by smart contracts.
Unlike universal login, a smart token-based identity system would eliminate the need for constant verification and re-verification. Removing this onerous requirement would go a long way towards creating a seamless and integrated Web3 landscape where there are no forms to fill out or promo codes to enter. Instead, all relevant information can be encoded in tokens held securely in users’ wallets. This information is then verified through zero-knowledge cryptography, which allows smart contracts to verify if a piece of data is true without sharing the details with a third party.
The connection dream
Imagine visiting an online game store using an identity based on smart tokens. You connect your digital wallet to your browser before accessing the store. Your wallet contains two types of smart tokens unique to you: a loyalty token and an identity token. The loyalty token would contain information about your previous purchases in the store, while the identity token would contain data such as your name, age and contact details, to be used only when needed.
- Instead of uploading an image of your photo ID or providing your date of birth to a merchant, your ID token would interact with a smart contract to let them know you’re over 18. No login is required.
- Your wallet would also allow the store’s smart contracts to know that you are carrying a specific cryptocurrency (e.g. ETH), useful when discounts on games are offered to buyers who pay in those currencies. Again, no login is required.
Since the relationship between tokens and smart contracts replaces the trust relationship of the user-website pair, the need for login gateways or passwords is eliminated.
No connection ? No problem
The introduction of token-based identity verification is key to creating a smart internet. Tokens are flexible, smart and secure and can be used on a wide range of websites, eliminating the need to log in.
Token-based identity authentication may not fully replace login-based verification, nor will it necessarily need it. Nor will the success of token-based identity depend on the Internet’s willingness to completely remove login-based authentication.
But for websites and online applications that want to adopt a token-based authentication model – and I expect that number to rise sharply in the coming years – users can finally enjoy a single, secure and seamless – no login required.
Do you have something to say ? Write to us or join the discussion on our Telegram channel.
All information contained on our website is published in good faith and for general information purposes only. Any action the reader takes on the information found on our website is strictly at their own risk.