Login: Portable identity in Web3 requires a crypto native solution, says Weiwu Zhang, the co-founder of AlphaWallet.
Before you read this, think about how many times you’ve been asked to log into, or out of, an online space today. Chances are that you may be reading these words on a browser, website, or app that – at some point – required you to sign up and/or log in.
In Web2, we are constantly signing into, or out of, different environments before we can read, shop, play games or communicate. Watching a video requires one set of credentials; checking email or social media accounts requires another. Something as simple as looking up flight details can require two or three different sets of credentials.
The repetitive process of identity verification and re-verification that we must navigate in Web2 isn’t just tedious. It’s indicative of a much deeper infrastructural issue that will ultimately prevent the realization of a fully-formed, intelligent Web3 – one that is capable of autonomously gathering and synthesizing information in response to our questions.
Universal Login Isn’t the Answer
A commonly proposed way to simplify the navigation of the Internet’s disparate infrastructure is to create a sort of “universal login”: a single set of credentials that can be used seamlessly across all online platforms. While a solution of this kind could make the experience of using Web2 more convenient, it fails to address the underlying issue.
The problem with a universal login solution isn’t the type of information needed to log in – it’s the need to log in in the first place.
We all hate logging in! If we create a truly intelligent internet that fulfills the Web3 promise of user control over personal data, we must first rethink the everyday experience.
We must eliminate the login that ties user data to third parties. Instead, we base our interactions instead on two of blockchain’s most promising innovations: smart tokens and the smart contracts that underpin them. Using these flexible, decentralized tools, we can elevate the level of trust beyond the user-website pair, rendering the need to sign in – and out – obsolete.
Identity and Infrastructure in Web3
The concept of identity in Web3 has been a hot topic for some time, perhaps because of the central role it plays in Web2. In today’s Internet, identity offers users the keys to the kingdom: to access the centralized walled gardens that dominate the online world, we must first hand over our names, email addresses, birthdates, and other personal data.
Not only does this model of identity verification give Google, Facebook, Apple, and the like access to and power over our information, it brings with it a host of other problems, not least the lack of interoperability. In Web2’s fragmented infrastructure, the tangible and intangible assets that we build on each platform are non-transferable. All that we are, create, purchase, or receive on a given platform is shackled to that platform forever. This also poses a significant security risk: if we lose access to our accounts for whatever reason, we also lose access to any assets linked to those accounts, including our online identities themselves.
A universal login mechanism?
It’s tempting to think that introducing a universal login mechanism would solve all of these problems. After all, if we can use a single identifier across the Internet, wouldn’t that eliminate the logistical barriers between websites and online applications?
Perhaps to a certain extent it would. But a universal login solution wouldn’t in and of itself topple the barricades between the walled gardens of Web2. It would simply act as a skeleton key that fits the gates of each one. Since these environments would remain centralized and separate, the points of identity verification and re-verification would continue to impede the flow of information and action around the web.
A truly intelligent and integrated internet will only be possible with a mechanism that allows users to freely move and engage with applications without any need to log in. This is where smart tokens and smart contracts come into play.
Token-Based Identity Authentication In Action
If you’re reading this, chances are you already know what smart contracts are: blockchain-based bits of code that run when predetermined conditions are met. Like smart contacts, smart tokens also live on a blockchain. They are also intelligent, programmable, and capable of storing data – including identity – in a way that is easily accessible by smart contracts.
Unlike universal login, a system of smart token-based identity would eliminate the need for constant verification and re-verification. Removing this onerous requirement would go a long way toward the creation of a seamless, integrated Web3 landscape where there are no forms to fill or promotional codes to enter. Instead, all relevant information can be coded into tokens held securely in user wallets. This information is then verified through zero-knowledge cryptography, which allows smart contracts to verify whether a piece of data is true without sharing the details with a third party.
The login dream
Imagine visiting an online game shop using smart token-based identity. You connect your digital wallet to your browser before accessing the store. In your wallet are two types of smart tokens unique to you: a Loyalty Token and an Identity Token. The Loyalty Token would house information about your previous purchases from the store, while the Identity Token would contain data such as your name, age, and contact details, for use only when needed.
- Instead of uploading an image of your photo identification or providing your birthdate to a shopkeeper, your identity token would interact with a smart contract to let it know you are over 18. No login is required.
- Your wallet would also let the shop’s smart contracts know that you carry a specific cryptocurrency (e.g. ETH), useful when there are discounts on games offered to buyers who pay in those currencies. Again, no login is required.
Because the relationship between tokens and smart contracts supersedes the trust relationship of the user-website pair, the need for login gateways or passwords is eliminated.
No Login? No Problem
The introduction of token-based identity verification is essential to the creation of an intelligent Internet. Tokens are flexible, smart and secure, and can be used across a wide spectrum of websites, ultimately eliminating the need for logging in.
Token-based identity authentication may not completely replace login-based verification, and it won’t necessarily need to. Nor will the success of token-based identity depend upon the internet’s willingness to do away with login-based authentication altogether.
But for the websites and online applications that are willing to adopt a token-based authentication model – and I believe that number will grow sharply in the years to come – users can at last enjoy a uniquely secure and seamless experience – no login required.
Got something to say? Write to us or join the discussion in our Telegram channel.
All the information contained on our website is published in good faith and for general information purposes only. Any action the reader takes upon the information found on our website is strictly at their own risk.