How can you login with a crypto wallet?

Hundreds of millions of people have adopted crypto wallets across their mobile phones, web browsers, and dedicated physical devices. How can you use them to login?

Login screen with multiple crypto wallets to login.

With the rise of decentralized tech and apps, more individuals are using crypto wallets to log into sites around the web. How is crypto wallet login possible?

What is a crypto wallet?

A crypto wallet is a digital wallet that allows users to store, send and receive cryptocurrencies. Crypto wallets can be software-based, hardware-based, or even paper-based. Software-based wallets can be further divided into desktop, mobile and web-based wallets. Hardware wallets are offline devices that resemble USB drives (such as a Trezor or Ledger hardware wallet) and can be used to store your cryptocurrencies offline, away from the internet. Paper wallets are simply printouts of your public and private keys, which can be used to store your cryptocurrencies offline.Crypto wallets are important because they allow you to store your cryptocurrencies in a safe and secure place. They also allow you to send and receive cryptocurrencies. Crypto wallets may be associated with a particular crypto exchange (such as Coinbase Wallet) that allows you to convert your cryptocurrencies into other cryptocurrencies or into fiat currencies (such as US dollars).Fundamentally, crypto wallets are built to store private keys - secret numbers that correspond with your wallet address and let you sign transactions, attest to your identity, and log into decentralized apps.

What does a cryptocurrency wallet do?

A crypto wallet stores your public and private keys and allows you to send and receive cryptocurrencies. Your public key is a public address generated from an elliptic curve; for Bitcoin and Ethereum, this curve is known as scep256k1. These curves are widely used in cryptographic applications, from encrypting and decrypting data to signing or authenticating messages.A public key can be transformed into a wallet address (by hashing and/or truncation) used to receive cryptocurrencies. Your private key corresponds to that public key and wallet address and is used to send cryptocurrencies or sign transactions. When you send cryptocurrencies, your transaction is signed with your private key and broadcast to the network. Miners then verify transactions and generate additional blocks in a blockchain.Many wallets, such as MetaMask, are open-source, allowing any user to verify how the code works ensure that it protects users private keys from exploitation or exfiltration.

Public keys, private keys, and identity

Crypto wallets can be thought to define a unique mathematical identity corresponding to a user’s private key, or unique seed phrase. When you need to prove you own a particular wallet, you can generate a digital signature on a certain phrase or transaction.Although many individuals use crypto wallets to hold digital assets (like BTC and ETH), buy NFTs, or to test out digital currency, a growing ecosystem of decentralized apps (dapps) are using wallets as their primary account and login mechanism.For example, Skiff allows you to create an email address, share others on a workspace, and upload end-to-end encrypted files using your wallet (check out this presentation at the Ethereum Foundation’s Devcon event on the subject). This allows users to create a completely anonymous identity for communication and collaboration.

Comparisons to OAuth APIs and authentication

OAuth is an open standard for authorization that provides a way for users to log in to third-party applications without having to enter their username and password.When you log in to an application using OAuth, the application will redirect you to the OAuth provider (such as Google, GitHub, Dropbox, or a social network) to login. Once you login, the OAuth provider will redirect you back to the application with a token that the application can use to access your account.The OAuth process can yield additional security than having a password on every website because it doesn't require you to share your username and password with the third-party application. It also allows application developers to focus less on authentication and more on building out a user experience. Additionally, OAuth providers typically offer the ability to revoke access to third-party applications, so you can control which applications have access to your account.However, OAuth requires you to completely centralize your identity on a single provider, both limiting functionality for app developers and reducing user privacy across services. Check out this blog on more OAuth security issues.

Limitations today

Mobile apps: One major limitation of crypto wallet sign in is limited mobile compatibility across iOS and Android. For example, on most mobile apps, you can sign into an application with a username and password, or with another OAuth account. When using a crypto wallet, you typically need to generate a signature to sign into a particular mobile app, which is currently not possible except on wallet-specific mobile apps (or using a non-custodial wallet). As a result, many of the security benefits of using a wallet for login are limited on mobile. Some new products, such as WalletConnect, are trying to bridge the mobile usability gap with wallet login APIs, QR codes, and backend connectors that perform validation.Two-factor authentication: Unlike a bank account, where a bank can control and manage your user identity, a crypto wallet identity is based only on a private key. As a result, even though individual dapps or exchanges can require and enforce 2FA, wallets themselves may not have any mechanism for limiting private key access based on 2FA. Recent innovations in multisig wallets, which require multiple individuals to create signatures or sign transactions to manage crypto assets, can manage some of these security concerns.

Tutorials and more

To use Skiff with a crypto wallet, visit the signup page and create an account. You can also learn more about why crypto wallets make great emails, and how to communicate with a crypto wallet as well.