Ethereum Single Sign On
The One SSO To Rule Them All?
Editors Note: It’s been less than 2 months since I’ve leapt off the sideline and into the rabbit holes of web3. In a word, it’s been… insane. Not since my undergraduate years at MIT have I experienced this level of drinking from the intellectual fire hose.
It’s been my intention to share along the way, but the pace of change has been moving so fast that I got lost in my own immersion. I’m surfacing back up for air, and I hope to keep sharing on a consistent basis.
Single-sign On (SSO) is now a common feature across the web2 app space. I myself have many, many services that I connected with through my Google account. The convenience factor is huge, although there is always a risk giving a big platform even more control over your experience across the internet. For example, if your Google account was hacked, the attacker could then login to access everything else you had access to. Ouch.
This is why I typically default to creating my own username and password because it provides the benefit of increased isolation (unless someone broke into my password manager, which would be game over no matter what).
But how does this model translate, if at all, within web3?
Your Wallet Is Your ID & Your Password
Two months ago, I encouraged others to create their .eth address. I hope you did, because the ENS team airdropped governance tokens for all existing users. Some users sold said tokens for $10,000 or more. This is one of the neat “paid to play” aspects of web3.
Anyway! There is a neat side effect of purchasing a .eth address and having it associated with your public/private keys. If you then connect to a blockchain dApp with Metamask, the service can query the address to find the primary .eth address associated with that account.
Here’s an example. Suppose I have the public address 0x123456780 which has myname.eth attached to it. If I then connect (not login) to Uniswap with this account, Uniswap can then pull in my ID (myname.eth) and even my profile picture (if set against myname.eth). This is the web2 equivalent of SSO plus Gravatar.
I’ve now done this with 5-10 services. It’s kindof amazing because you as the user have full control over both the ID and avatar photo. The services you connect to simply use what you provide.
Now, this isn’t a perfect solution. If someone was to ever steal your private keys, they would be able to take over all of your accounts. However, this would be no different than losing your master password to all of your other passwords. And, since crypto wallets hold your assets, users are typically incentivized to take any/all necessary precautions to secure their wallet.
To cut to the punch line. SSO to web3 is already here! And it’s glorious. And it’s fun and slick and you should try it too.