Setting up seed phrases can be time-consuming and complex for new Web3 users, but almost all of them are familiar with social media networks and standard sign-in procedures when using Google, Twitter, Discord and others. Fortunately, Etherspot allows developers to combine traditional sign-in and Web3 login, removing the need for game players to create and securely store wallet info in order to play.
Users can allow dApps to create and effectively secure smart contract wallets by simply submitting the username and password of one of their social accounts. It’s secure, easy and has fail-safes built in. Here’s how builders can bootstrap this feature into their dApps fast.
Etherspot has partnered with Web3Auth to bring users a frictionless Web3 experience by combining the power of Web3Auth’s social login and Etherspot’s Smart Wallet account abstraction (AA) infrastructure.
How Does It All Work?
This feature is available through Etherspot’s React component, BUIDLer, which enables plug-and-play integration with the Etherspot SDK, allowing dApps and developers to easily leverage the SDK and, amongst other AA functions, integrate social logins straight into their dApps with only two lines of code.
With Web3Auth, users manage their keys much like a multi-factor account, where they use their OAuth login, devices and other factors to manage their key pairs.
Here’s an example:
The user starts by generating a 2 out of 3 (2/3) Shamir Secret Sharing scheme. This gives the user three shares: ShareA, ShareB, and ShareC.
Similar to existing 2FA systems, a user needs to prove ownership of at least 2 out of 3 (2/3) shares in order to retrieve their private key. This initial setup provides several benefits.
- ShareA is stored on the user’s device: Implementation is device and system specific. For example, on mobile devices, the share could be stored in device storage secured via biometrics.
- ShareB is managed by a login service via node operators: This share is further split amongst a network of nodes and retrieved via conventional authentication flows.
- ShareC is a recovery share: An extra share to be kept by the user, possibly kept on a separate device, downloaded or based on user input with enough entropy (e.g. password, security questions, hardware device, etc.)
Using Web3Auth, the user has full ownership and access to their cryptographic key pair. Login services only have access to one share, and thus it’s not possible for the provider to retrieve the user’s private key on their own.
A Web 2.0 Login flow with Web3Auth SDK
On a daily basis, Web3Auth allows access to a user key pair through flows indistinguishable from Web2.0 logins, contributing to a greatly improved user onboarding experience. Users don’t need advanced blockchain knowledge to interact with platforms and dApps.
At the same time, the BUIDLer component allows those who do have the knowledge to continue to connect with their existing wallets by clicking the Web3 tab.
Improvements To Key Recovery And Redundancy
In the event of a lost device/share, there is redundancy built into the share threshold such that a user can still recover their key. It is also possible to refresh shares so that lost shares are revoked.
This is a vast improvement over writing down a seed phrase on a piece of paper, since losing the seed phrase gives whoever finds it complete access to the private key. Losing a share, on the other hand, is acceptable as long as the user does not lose more than one share without refreshing their existing shares.
Chain/Platform Agnostic Via Native Signatures
Web3Auth’s resulting interface is a native cryptographic key pair, making it compatible with almost all cryptographic constructs on various platforms and elliptic curves. Secret sharing and share refresh are also done completely off-chain, which makes Web3Auth usable on blockchains with limited smart contract functionality.
Using a 2/3 threshold also prevents censorship by the Torus nodes. In the case that the nodes refuse to return the share of the user’s private key even after the user has authenticated successfully, the user can still reconstruct their private key using ShareA (device share) and ShareC (recovery share).
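The 2/3 split, the ShareA plus ShareC recovery path and the share refresh described above, worked through as an added example (not Web3Auth's or Etherspot's code). It assumes the secp256k1 group order as the field modulus, x-coordinates 1, 2, 3 for ShareA, ShareB, ShareC, and a simplified single-dealer refresh; all function names are illustrative.

```python
import secrets

# Assumption: secp256k1 group order as the prime field, since the secret is an Ethereum-style key.
N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141

def poly_eval(coeffs, x):
    """Evaluate a polynomial (coeffs[0] is the constant term) at x, mod N."""
    y = 0
    for c in reversed(coeffs):
        y = (y * x + c) % N
    return y

def split(secret, threshold=2, count=3):
    """Return {x: y} shares; any `threshold` of them recover `secret`."""
    coeffs = [secret % N] + [secrets.randbelow(N) for _ in range(threshold - 1)]
    return {x: poly_eval(coeffs, x) for x in range(1, count + 1)}

def reconstruct(shares):
    """Lagrange-interpolate the sharing polynomial at x = 0 from {x: y} shares."""
    secret = 0
    for xi, yi in shares.items():
        num = den = 1
        for xj in shares:
            if xj != xi:
                num = num * (-xj) % N
                den = den * (xi - xj) % N
        secret = (secret + yi * num * pow(den, -1, N)) % N
    return secret

def refresh(shares, threshold=2):
    """Add a random polynomial with zero constant term: same secret, new shares."""
    delta = [0] + [secrets.randbelow(N - 1) + 1 for _ in range(threshold - 1)]
    return {x: (y + poly_eval(delta, x)) % N for x, y in shares.items()}

def pick(shares, *xs):
    """Select the shares with the given x-coordinates."""
    return {x: shares[x] for x in xs}

if __name__ == "__main__":
    key = secrets.randbelow(N - 1) + 1           # constructed sample private key
    old = split(key)                             # x=1 ShareA, x=2 ShareB, x=3 ShareC
    assert reconstruct(pick(old, 1, 3)) == key   # device + recovery share, nodes not needed
    new = refresh(old)
    assert reconstruct(pick(new, 1, 2)) == key   # refreshed shares still recover the key
    stale = {1: old[1], 2: new[2]}               # a lost pre-refresh share with a current one
    assert reconstruct(stale) != key             # the old share no longer counts
    print("2/3 recovery and refresh checks passed")
```

A single share is one point on a random line, so it is consistent with every possible key; that is why the login service holding only ShareB cannot recover the key on its own.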
In essence, both Etherspot & Web3Auth operate under the shared vision of a simplified Web3 future that requires minimal user knowledge of the blockchain space.
Social logins allow Web2-accustomed users to simply submit their social logins, which creates a smart contract wallet through the Etherspot SDK to connect and interact with Web3 dApps. (Supported social logins: Google, Apple, Facebook, Discord, Twitter, Github, Twitch or Email.) Advanced users can still choose to connect their wallets as normal.
Social logins are another huge step forward for the blockchain industry and one that will draw in a massive amount of new users. At Etherspot we believe that it’s an important factor in the evolution of account abstraction which will ultimately lead to the mass adoption of the use of blockchain technology both institutionally and privately.
Stay up-to-date with the latest developments in blockchain account abstraction by letting Etherspot propel your dApps forward.
- Implement BUIDLer Component now to allow your users to log in to your dapp via social media networks.
- Test out Etherspot SDK in our playground
- Read the docs