The era of email/password login is coming to an end.
Usually, when logging in to a “web2” service, we need to provide a username or email address and a password. The service looks up the username or email address in its internal database and checks whether the stored password matches the one we provided. It then generates a random key for further authentication, usually stored in a cookie.
A new specification, EIP-4361: Sign-In with Ethereum, hopes to change the way we log in to web2 services by using a method that is already common in web3 services (such as wallets and dapps).
How does it work?
EIP-4361 describes a method of authenticating to existing web2 services using signed messages. Instead of a username and password combination, users prove their identity with their own private key (and its corresponding address). For example, you can use your private key to sign a message like this:
Example.com wants you to sign in with your Ethereum account:
0x4bbeEB066eD09B7AEd07bF39EEe0460DFa261520
URI: https://example.com/login
Version: 1
Chain ID: 1
Nonce: 12345
Issued At: 2021-11-01T12:25:24Z
Sign the authentication message on MyCrypto.
EIP-4361 uses Augmented Backus-Naur Form (ABNF) to define a standardized format for these authentication messages, so that services offering this login can verify them. The format follows the EIP-191 specification, which is already widely supported by many wallets. No password is required to log in: you sign the message with your private key, and you’re done. The server can then verify the message and generate a key to store in a cookie.
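The server-side checks implied by "verify the message", as an added example that is not part of the original article or of the EIP's reference code. The function names, the in-memory nonce set and the five-minute freshness window are assumptions, and the parser handles only the fields in the article's sample message, not the full ABNF.

```python
import re
from datetime import datetime, timedelta, timezone

# Constructed sample: the article's example message, one field per line.
SAMPLE = "\n".join([
    "Example.com wants you to sign in with your Ethereum account:",
    "0x4bbeEB066eD09B7AEd07bF39EEe0460DFa261520", "",
    "URI: https://example.com/login", "Version: 1", "Chain ID: 1",
    "Nonce: 12345", "Issued At: 2021-11-01T12:25:24Z"])
HEADER = re.compile(r"^(\S+) wants you to sign in with your Ethereum account:$")
ADDRESS = re.compile(r"^0x[0-9a-fA-F]{40}$")

def parse(message):
    """Simplified parser: header line, address line, then 'Key: value' lines."""
    lines = message.split("\n")
    head = HEADER.match(lines[0])
    if not head or len(lines) < 2 or not ADDRESS.match(lines[1]):
        raise ValueError("malformed header or address")
    fields = {"domain": head.group(1), "address": lines[1]}
    for line in filter(None, lines[2:]):
        key, sep, value = line.partition(": ")
        if not sep:
            raise ValueError("malformed field: " + line)
        fields[key] = value
    return fields

def validate(message, expected_domain, issued_nonces, now,
             max_age=timedelta(minutes=5)):
    """Checks to run alongside signature recovery; returns the claimed address."""
    f = parse(message)
    if f["domain"].lower() != expected_domain.lower():
        raise ValueError("domain mismatch")  # message was signed for another site
    if f.get("Version") != "1":
        raise ValueError("unsupported version")
    if f.get("Nonce") not in issued_nonces:
        raise ValueError("unknown or reused nonce")
    issued_nonces.discard(f["Nonce"])  # single use: a replay fails from here on
    issued = datetime.fromisoformat(f.get("Issued At", "").replace("Z", "+00:00"))
    if not timedelta(0) <= now - issued <= max_age:
        raise ValueError("stale or future-dated message")
    return f["address"]

def eip191_preimage(message):
    """Bytes the wallet hashes with Keccak-256 and signs (EIP-191 personal message)."""
    body = message.encode("utf-8")
    return b"\x19Ethereum Signed Message:\n" + str(len(body)).encode() + body
```

The login is accepted only if the address recovered from the signature over `eip191_preimage(message)` equals the address returned by `validate`; that recovery step needs a secp256k1 and Keccak-256 library and is not shown here.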
Using ENS to decentralize data
EIP-4361 integrates neatly with the Ethereum Name Service (ENS). If an address has a primary ENS name (also called a reverse record) set, the service can look up that name and resolve data from it. For example, you can store your preferred username, avatar, email address, or any other information in the ENS name. ENS also allows users to specify addresses on other networks, such as Bitcoin and Litecoin:
Some possible fields related to the ENS name.
In this way, you control your own data, and no web2 service needs to store this information about you. In the future, this may make logging in to applications with signed EIP-191 messages the standard, completely eliminating the email/password combination.
This model is essentially a decentralized “Gravatar” with 100% uptime in which users own their data. The data is not held by a private entity, but is published to the Ethereum blockchain for applications to use. The user has a single identity across multiple applications, and all of them authenticate the user through signatures from the user’s wallet.
Posted by: CoinYuppie. Reprinted with attribution to: https://coinyuppie.com/log-in-with-ethereum-an-alternative-to-a-centralized-identity-provider/