The Ethereum community has accidentally solved a major problem of the Internet: Single Sign-On
"Sign-In w/ Ethereum" is the future of login for *every app on the Internet*, crypto-related or not
Not just an idea, it's already the norm for web3 & will spread
warning long

1/
First, what is "Single Sign-On"?
It can mean different things depending on context, but here I mean:
*an average person having one username and password/authentication method that works across all services*
2/
The Internet has no personal username/authentication system built-in
IP addresses change & are based on device/location, & DNS was never really meant to be a personal username system
But services need to know who you are. So each created their own username/password system
3/
We all know what happened
- ppl re-using weak passwords written on post-it notes
- sign-up fatigue ("i have to create *another* un/pw?")
- hacks + data dumps
http://haveibeenpwned.com
Yes, ppl can use password managers etc, but this doesn't happen in practice
4/
One solution in the last decade has been Social Sign-On.
You probably already have an account w/ Google, Facebook, etc, so why not just sign-in w/ that to new services?
Users don't have to create *yet another* un/pw, & new services don't have to manage it - win/win!
5/
While an improvement, Social Sign-On has a few problems
1) It depends on a few big corps
Do users really want Google to control their un/pw for the whole Internet?
And do smaller services really want to be at the mercy of these big corps?
6/
2) It's inherently fragmented
- un/pw controlled by a big corp can never be "neutral"
- "which social account did I use for this service again?"
- we wouldn't even *want* one company to win out
7/
3) Ppl still have weak passwords
If you're signing in to everything with your Google account, your security for everything now depends on the strength of your Google account password, and most people use weak passwords (tho 2FA can help here)
8/
Ethereum Sign-In is a new paradigm
First, Ethereum is giving average ppl computer generated public/private key pairs w/ systems in place to securely connect them to services
Cryptocurrency incentives are finally doing what cypherpunk ideology couldn't
https://twitter.com/BrantlyMillegan/status/1389270115884097536
9/
Your Ethereum private key is your super secure password that *you* control. No central service required to make it work. Just sign something w/ your private key.
You generate it on your own device, and no service anywhere ever has to have your private key.
10/
Ppl need good UIs for storing/using their private key. This was the Achilles heel of cypherpunks/PGP
This is another thing crypto incentives are improving
- hardware wallets
- @MetaMask
- @WalletConnect
- social recovery
etc
LOTS of work still needed but it's getting better
11/
Second, you need a human-readable username
Key pairs can be computer generated, but don't usernames require a central service to store this info?
This is Zooko's Triangle: naming systems can't be decentralized, secure, *and* human-readable... right?
https://en.wikipedia.org/wiki/Zooko%27s_triangle
12/
Blockchains solved this trilemma. Namecoin (launched in 2011) was the first attempt at this, but never got adoption
But @ensdomains, launched in 2017 & built w/ smart-contracts on Ethereum, has successfully gotten wide adoption as the web3 standard
https://ens.domains/#home-ecosystem
13/
Users can register a .ETH name on ENS w/o touching a single centralized service & then hold custody of it themselves w/ their Ethereum account
It's your web3 username, simplifies payments for any crypto, and can even point at a decentralized website, all with one name
14/
Put all of this together and you have a decentralized self-custody username system for your Ethereum account
No corporation or centralized system involved in this entire set-up, user (not corp) owned
therefore **credibly neutral** (this is key)
15/
This is better for users:
The *user* controls their account/username & can use it anywhere that adopts Ethereum Sign-In. No more annoying "land rushes" for usernames on new platforms
& better for services:
They don't have to manage a un/pw system or depend on Google/Facebook
16/
This isn't just an idea, this is *already* the web3 sign-in model
You sign-in to a dapp by "Connect"-ing your Eth wallet. Many then use your ENS name as your portable username. E.g. @Uniswap, @tryShowtime, @aavegotchi, @SnapshotLabs
More: https://twitter.com/BrantlyMillegan/status/1400876106648113156 #ens
17/
Wouldn't it be great if your single account for the Internet also had an avatar & other profile info?
That's where ENS text records come in. Not widely adopted yet, but an upcoming redesign of the ENS Manager will put the option of setting up these things front-and-center
18/
But wait, what if you don't want a single account for the Internet? You definitely should keep certain activities separate.
No sweat: you can have as many Eth accounts as you want w/ different ENS names
And your ENS name can be your actual name or a pseudonym, your choice
19/
FYI, when using Ethereum Sign-In you may be confronted w/ something like this 
At first it looks like Social Sign-In fragmentation but it's not. These are competing wallet UIs that *all use the same basic Eth account sys*
You can import your Eth account into other wallets
20/

An amazing thing about this is the Eth community did not set out to create a new decentralized neutral Single Sign-On sys
2 unrelated things came together: connecting your Eth wallet to use dapps + ENS originally for crypto payments (still does this!)
21/
And that's why I expect this will succeed
No "consortium" is artificially trying to force this on ppl. It's not over-engineered in committees out of touch w/ users & services
It's being developed open source & adopted organically by users & services b/c it's useful
22/
Once you've gotten used to the web3 model in which you own your portable account & username, the old web2 sandboxed username/password model starts to seem... antiquated
"Connect Wallet is the only way i want to sign in ever again"
23/
I say:
Down with a mess of accounts with weak user-generated passwords and sandboxed usernames owned by big corps (web2)
Up with secure private keys and portable usernames owned by users (web3)
It's the Internet as it always should have been
24/
Want to get a portable web3 account?
Pick an Eth wallet: https://ethereum.org/en/wallets/find-wallet/
Get ETH (sometimes built into wallet, otherwise use a service like Coinbase)
Get an ENS name: http://app.ens.domains
(Choose which is your username by setting reverse record at My Account)
/end
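
The "just sign something w/ your private key" sign-in from 10/ and 17/, sketched from the service's side as an added example that is not part of the original thread: the service issues a one-time challenge, the wallet signs it, and the service checks domain, nonce and signature while storing no secret. Assumptions: Node's built-in ECDSA over secp256k1 with SHA-256 stands in for a wallet's Keccak-256 message signature, the PEM public key stands in for the Ethereum address, and `SignInService`, `Wallet` and the message wording are hypothetical.

```javascript
// Added example, not from the thread. Stand-ins (assumptions): ECDSA over
// secp256k1 with SHA-256 replaces a wallet's Keccak-256 message signature,
// and the PEM public key replaces the Ethereum address. Names are hypothetical.
const crypto = require('node:crypto');

const NONCE_TTL_MS = 5 * 60 * 1000;

class SignInService {
  constructor(domain) {
    this.domain = domain;
    this.pending = new Map(); // nonce -> expiry time (ms)
  }

  // Step 1: issue a one-time challenge that names this service's domain.
  challenge(now = Date.now()) {
    const nonce = crypto.randomBytes(16).toString('hex');
    this.pending.set(nonce, now + NONCE_TTL_MS);
    return `${this.domain} wants you to sign in.\nNonce: ${nonce}`;
  }

  // Step 3: check domain, nonce freshness, then the signature itself.
  verify(publicKeyPem, message, signatureB64, now = Date.now()) {
    const m = /^(.+) wants you to sign in\.\nNonce: ([0-9a-f]{32})$/.exec(message);
    if (!m) return 'malformed';
    if (m[1] !== this.domain) return 'wrong-domain';
    const expiry = this.pending.get(m[2]);
    this.pending.delete(m[2]); // single use: consumed even if later checks fail
    if (expiry === undefined) return 'unknown-or-replayed-nonce';
    if (now > expiry) return 'expired';
    const ok = crypto.verify('sha256', Buffer.from(message), publicKeyPem,
      Buffer.from(signatureB64, 'base64'));
    return ok ? 'ok' : 'bad-signature';
  }
}

// Step 2 (user side): the private key stays inside the wallet object.
class Wallet {
  constructor() {
    const { publicKey, privateKey } =
      crypto.generateKeyPairSync('ec', { namedCurve: 'secp256k1' });
    this.publicKeyPem = publicKey.export({ type: 'spki', format: 'pem' });
    this.sign = (msg) =>
      crypto.sign('sha256', Buffer.from(msg), privateKey).toString('base64');
  }
}
```

The domain line and the single-use nonce are what stop a signature collected by one service from being replayed at another, or twice at the same one.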