What would you like to read about?

  1. Homepage
  2. Posts
  3. Sign-in With Ethereum: An Alternative to Centralized Identity Providers

With Ethereum: An Alternative to Centralized Identity Providers

November 4th, 2021

The age of email/password login is coming to an end.

Typically when signing in to a "web2" service, you use a username or email address and a password. The service can then look up your username or email address in their internal database and see if the corresponding password matches the one you provided. A random key for further authentication is generated and typically stored in a cookie.

A new specification, EIP-4361: Sign-In with Ethereum, wishes to change the way how we sign in to web2 services by utilising a method commonly used for web3 services (like wallets and dapps).

How it works

EIP-4361 describes an authentication method for existing web2 services that uses signed messages. Instead of using a combination of a username and password, you can use your private key (with corresponding address) to authenticate. For example, you could sign a message like this using your private key:

Example.com wants you to sign in with your Ethereum account:
URI: https://example.com/login
Version: 1
Chain ID: 1
Nonce: 12345
Issued At: 2021-11-01T12:25:24Z
Signing an authentication message on MyCrypto.

EIP-4361 defines a standardised format using the augmented Backus–Naur form (ABNF) for these authentication messages that can be verified by the service you want to log into. The format follows the EIP-191 specification, which is already widely supported by many wallets. Logging in does not require a password, simply sign the message with your private key and you're done. The server can verify the message and generate a key to store in a cookie.

Decentralised Data with ENS

EIP-4361 neatly integrates with the Ethereum Name Service (ENS). If an address has a primary ENS name (also called reverse record) set, a service could look up this primary ENS name and resolve data based on it. You could for example store your preferred username, profile picture, email address, or other arbitrary information in your ENS name. ENS also lets you specify addresses for other networks, such as Bitcoin, and Litecoin:

Some of the possible fields associated with an ENS name.

This keeps you in control of your data and removes the need for web2 services to store this information about you. This could lead to a future where using authenticated, signed EIP-191 messages to log into authentication-gated apps is the standard, doing away with email/password combinations entirely.

This model is essentially a decentralised, 100% uptime, user-data owned “Gravatar.” Instead of one private entity holding the data, it is published to the Ethereum blockchain for apps to use. You will have one identity across many applications, all authenticated against your signing wallet.

If you don't have an ENS name yet and you want to register one, you can do so at app.ens.domains, or you can buy an already-registered domain on a secondary market.

You can read the full proposal of this and read/listen to previous calls at https://login.xyz/.

Talk To Us & Share Your Thoughts

MyCrypto is an open-source tool that allows you to manage your Ethereum accounts privately and securely. Developed by and for the community since 2015, we’re focused on building awesome products that put the power in people’s hands.

© 2022 MyCrypto, Inc.


Subscribe to MyCrypto

Get updates from MyCrypto straight to your inbox!

By submitting your email, you affirmatively agree to our Privacy Policy