Hi there. Can you expand on that ... the one login to access bit.
This article below gives a great explanation.
@Rumandcoke
The Ethereum community has accidentally solved a major problem of the Internet: Single Sign-On
"Sign-In w/ Ethereum" is the future of login for
every app on the Internet, crypto-related or not
Not just an idea, it's already the norm for web3 & will spread
First, what is "Single Sign-On"?
It can mean different things depending on context, but here I mean:
an average person having one username and password/authentication method that works across all services
The Internet has no personal username/authentication system built-in
IP addresses change & are based on device/location, & DNS was never really meant to be a personal username system
But services need to know who you are. So each created their own username/password systemGrimacing face
We all know what happened
- ppl re-using weak passwords written on post-it notes
- sign-up fatigue ("i have to create another un/pw?")
- hacks + data dumps Right pointing backhand index http://haveibeenpwned.com
Yes, ppl can use password managers etc, but this doesn't happen in practice
One solution in the last decade has been Social Sign-On.
You probably already have an account w/ Google, Facebook, etc, so why not just sign-in w/ that to new services?
Users don't have to create
yet anotherun/pw, & new services don't have to manage it - win/win!
While an improvement, Social Sign-On has a few problems
- It depends on a few big corps
Do users really want Google to control their un/pw for the whole Internet?
And do smaller services really want to be at the mercy of these big corps?
2) It's inherently fragmented
- un/pw controlled by a big corp can never be "neutral"
- "which social account did I use for this service again?"
- we wouldn't even want one company to win out
- Ppl still have weak passwords
If you're signing in to everything with your Google account, your security for everything now depends on the strength of your Google account password, and most people use weak passwords (tho 2FA can help here)
Ethereum Sign-In is a new paradigm
First, Ethereum is giving average ppl computer generated public/private key pairs w/ systems in place to securely connect them to services
Cryptocurrency incentives are finally doing what cypherpunk ideology couldn't
Your Ethereum private key is your super secure password that
you control. No central service required to make it work. Just sign something w/ your private key.
You generate it on your own device, and no service anywhere ever has to have your private key.
Ppl need good UIs for storing/using their private key. This was the achilles heel of cypherpunks/PGP
This is another thing crypto incentives are improving
- hardware wallets
- MetaMask
- WalletConnect
- social recovery etc
LOTS of work still needed but it's getting better
Second, you need a human-readable username
Key pairs can be computer generated, but don't usernames require a central service to store this info?
This is Zooko's Triangle: naming systems can't be decentralized, secure,
andhuman-readable... right?
https://en.wikipedia.org/wiki/Zooko's_triangle
Blockchains solved this trilemma. Namecoin (launched in 2011) was the first attempt at this, but never got adoption
But @ensdomains, launched in 2017 & built w/ smart-contracts on Ethereum, has successfully gotten wide adoption as the web3 standard Right pointing backhand index
https://ens.domains/#home-ecosystem
Users can register a .ETH name on ENS w/o touching a single centralized service & then hold custody of it themselves w/ their Ethereum account
It's your web3 username, simplifies payments for any crypto, and can even point at a decentralized website, all with one name
Put all of this together and you have a decentralized self-custody username system for your Ethereum account
No corporation or centralized system involved in this entire set-up, user (not corp) owned
therefore
credibly neutral (this is key)
This is better for users:
The
user controls their account/username & can use it anywhere that adopts Ethereum Sign-In. No more annoying "land rushes" for usernames on new platforms
& better for services:
They don't have to manage a un/pw system or depend on Google/Facebook
This isn't just an idea, this is
already the web3 sign-in model
You sign-in to a dapp by "Connect"-ing your Eth wallet. Many then use your ENS name as your portable username. E.g. @Uniswap , @tryShowtime , @aavegotchi , @SnapshotLabs
More:
Wouldn't it be great if your single account for the Internet also had an avatar & other profile info?
That's where ENS text records come in. Not widely adopted yet, but an upcoming redesign of the ENS Manager will put the option of setting up these things front-and-center
But wait, what if you don't want a single account for the Internet? You definitely should keep certain activities separate.
No sweat: you can have as many Eth accounts as you want w/ different ENS names
And your ENS name can be your actual name or a pseudonym, your choice
FYI, when using Ethereum Sign-In you may be confronted w/ something like this Down pointing backhand index
At first it looks like Social Sign-In fragmentation but it's not. These are competing wallet UIs that
all use the same basic Eth account sys
You can import your Eth account into other wallets
An amazing thing about this is the Eth community did not set out to create a new decentralized neutral Single Sign-On sys
2 unrelated things came together: connecting your Eth wallet to use dapps + ENS originally for crypto payments (still does this!)
And that's why I expect this will succeed
No "consortium" is artificially trying to force this on ppl. It's not over-engineered in committees out of touch w/ users & services
It's being developed open source & adopted organically by users & services b/c it's useful
Once you've gotten used to the web3 model in which you own your portable account & username, the old web2 sandboxed username/password model starts to seem... antiquated
"Connect Wallet is the only way i want to sign in ever again"
I say:
Down with a mess of accounts with weak user-generated passwords and sandboxed usernames owned by big corps (web2)
Up with secure private keys and portable usernames owned by users (web3)
It's the Internet as it always should have been
Want to get a portable web3 account?
Pick an Eth wallet:
https://ethereum.org/en/wallets/find-wallet/
Get ETH (sometimes built into wallet, otherwise use a service like Coinbase)
Get an ENS name:
http://app.ens.domains (Choose which is your username by setting reverse record at My Account)