Is There a Need For Non-wallet Web3 Authentication?
A crypto wallet serves 2 purposes; to hold your cryptocurrency, and to authenticate you on Web3, right? It’s your passport on the blockchain, the key to accessing dApps, and your magic carpet to the far off lands of decentralization. It’s been this way since the first Bitcoin wallet. But like any other legacy technology, are we appealing to the “if it ain’t broke, don’t fix it” maxim? Do crypto wallets still make sense as the only way to facilitate authentication on Web3?
Holistically, we’d say yes. But with a caveat. Crypto wallets are fantastic for those familiar with Web3 and on-chain activities. Not so much for onboarding new users. There’s a learning curve and an expectation that you’ll just “get it” that can serve as a deterrent. Perhaps not for everyone, but for enough potential users to make them second guess downloading a wallet, populating it, and using it as their browser for Web3. It was that way for me.
But perhaps, there’s a way to get online without relying on a wallet? To keep things simple for this blog, let’s pretend that everyone uses MetaMask as their wallet and passport to Web3. It is the most popular non-custodial wallet on the market, with 30 million+ monthly active users, so it’s not a stretch. It requires registration, remembering a seed phrase, then going in and adding chains, buying cryptocurrency (especially ETH for gas fees), and then you’re rolling.
What if, though, there was a way to rely on login methods that everyone, especially Web2 users, are already familiar with.
That might be secret to mass adoption and onboarding.
But First, Why Bother?
The point of this blog is not only to get Web2 users on board, but to also suggest that existing Web3 users, with MetaMask wallets might want to consider alternatives.
The collection of user’s data was only if the wallet holder relied on MetaMask’s default Remote Procedure Call (RPC) application - Infura. If someone were to use their own Ethereum node, or a third party RPC node with their MetaMask wallet, they would be exempt from ConsenSys’s new privacy rules, and subject to the terms of the other RPC provider.
All of a sudden anonymity and consumer privacy was under threat, now that a log would exist that tied IPs to transactions. As well, as soon as you unlock the wallet, a record is made that records all the addresses under that IP. This makes it significantly easier to identify who the user is and where they’re located. And they weren’t the only ones - Coinbase has also been collecting IP addresses, due to the increasing complexity of compliance regulations.
So, while there are tricks to avoid being tracked, why should anyone be forced to jump through hoops to avoid identifying themselves semi-publicly, when all they want to do is get on-chain?
This is why Web3 authentication alternatives exist.
There isn’t a shortage of valid options to avoid crypto wallets like MetaMask, especially for those new to the blockchain ecosystem. Each has specific things that appeal to users and use cases. If you’re a developer looking to build a dApp that is looking to entice Web2 users into Web3, then these alternatives can help.
Option 1: Use Your Web2 Identity
Since MetaMask is already threatening to connect Web3 transactions to specific IP addresses, then actually being open about your Web2 identity isn't all that scary.
One of the most reputable ways to get onboarded on Web3, without a traditional crypto wallet is with Magic, courtesy of Magic Labs. This is an SDK that you can use to create a wallet, authenticate, and manage keys, via a SSO such as an email address, phone number, or social account. This way, all the work is done behind the scenes, and users can interact natively with dApps and chains, using their established identities from Web2.
Once set up, with one click, users can work across chains and dApps, and even on/off board crypto. This makes this tool an easy entry point if anyone is unsure about Web3, and are looking to dip their toes in the water slowly, and they don’t want to deal with apps on their phone, extensions on their browsers, and saving key seed phrases somewhere they’ll remember.
Magic also offers non-custodial key management, with a secure infrastructure that is GDPR and SOC 2 compliant. According to their site, their parent organization is a cybersecurity company, so they’re no stranger to automated security protocols and preventing malicious login attacks.
Option 2: Use an Open Source “Wallet” Protocol
There are also bridges and connectors that can help a user get Web3 savvy. Mistakenly referred to as an app or crypto wallet, WalletConnect is an open source protocol that connects crypto wallets and dApps. What this does is serve as a secure proxy between the dApp/chain/device (mobile/desktop/web) you’re connecting to and the wallet that holds your cryptocurrency. It even works with DeFi and NFTs, with a simple sign on. And facilitating that connection is as easy as scanning a QR code.
Not only that, you can connect to a wallet and one or more chains simultaneously and send transactions to different chains at the same time. There’s no need to switch between chains. From that perspective, the interoperability takes away a lot of the complexity that using a traditional MetaMask wallet entails, without compromising security. Currently, dApps on Ethereum, Solana, and many other chains are working harmoniously with a wide variety of wallets such as Rainbow, Trust Wallet, or Argent, via WalletConnect.
By relying on a symmetrical encryption via a shared key between peers, the connection that WalletConnect facilitates is pretty secure. More so, each transaction that’s facilitated between the two parties via Wallet Connect requires a one-click verification to ensure you’re signing off on your activity. Which means you remain in control of your transactions.
Option 3: A Crypto Multi-tool
Finally, there are also jack-of-all-trades types of authenticators that do a little bit of everything. Similar to Magic, there is another non-MetaMask wallet tool called Web3Auth. This is a simple, non-custodial auth infrastructure that enables Web3 wallets and applications to provide seamless user logins that emulate Web2 login methods. It's both user friendly, and decentralized.
Much like the tool above, it’s embedded into the dApp, and makes it easy for a non-Web3 native to get onboarded to the blockchain. It’s chain agnostic, and the login/authentication can be integrated with any wallet, platform, chain, and even social networks like Google, Discord, and Twitch.
Web3Auth also offers other features that make having a MetaMask wallet seem a downgrade in comparison. For example, the tool offers an API for fiat-to-crypto, so customers can purchase and interact with the chain directly, within the dApp. Again, if a user were to have any hesitation in relying on MetaMask to authenticate and manage their crypto, this tool can help the user find their footing on the chain they choose.
The tool also offers non-custodial, multi factor authentication without relying on seed phrases, which are relatively easy to misplace.
Non-Wallet Web3 Authentication is Just The Start
It’s no secret that we’re advocates for making Web3 as easy to use as possible and offering access to the blockchain that doesn’t require hoop-jumping. Which means yes, there is a need for ways to authenticate blockchain access that isn’t prohibitive or complicated. It should be easy.
The best way to do this is to go with what we already know works; Web2 tools. There are use cases and tools that have been through the gamut of user testing in Web2 that offer the perfect template for how we should be approaching Web3. From integrations and app/dApp marketplaces, to enabling users to utilize a SSO of their choosing to log in and verify their identity, the ideas are out there. They just need to be implemented in a way that honors Web3’s decentralized and open nature.
Web3 isn’t about putting people in a box, and dictating how they can use the internet, in exchange for their private information. Web3 is about freedom. That’s why non-Wallet authentication methods exist. There’s absolutely nothing wrong with using a MetaMask, Rainbow, or a wallet of your choosing, as a passport and authenticator for the blockchain. But it’s also good to have alternate methods to authenticate as well, that allow users to continue using the legacy login methods they’ve been using to date.
It’s that very same idea, about allowing Web3 users to “go with what they know”, for example that drives Grindery. Other tools and protocols enable you to connect dApp to dApp, or wallet to chain, and any other combination in between. We’re building on that. We’re creating a protocol that allows app to dApp collaboration, Web2 SaaS tools synchronizing with Web3 chains, and so on. We’re breaking down the walls between Webs 2 and 3, while keeping the principles of the blockchain in place.
Then, we’re going to build a better future.