There’s some awesome work happening in WP1 to bring to life the concept of identity management in Status. As part of this, Andrei will also explore new onboarding flows, some of which will incorporate ENS registration.
Before going too deep, I think we should consider EIP1078 universal login. This proposal would allow users to access any compatible DApp with a single username (and no seed phrase!).
The gist of it is…
- User creates a new account by registering an ENS name.
- A proxy contract is created for them; the ENS name points to this contract.
- User’s device generates a private key to control the contract locally.
- User does not need a seed phrase or password to access the account.
- Instead, they authorize additional logins using their ENS name and verifying with their device, similar to 2FA.
- The private keys only sign messages; it’s the contract that holds the user’s funds.
- User controls the level of privilege for each DApp they log in to.
- Backup phrases can be generated for recovery.
You can watch Alex van de Sande demo this in action here.
From a UX perspective, this would mean that a new user either connects an existing account or creates one by registering an ENS name on the spot.
It eliminates the need for seed phrases and instead lets the user access their wallet with their ENS name and device. It encourages ENS registration, which is in many ways a plus.
It’s the strongest proposal for a simplified login pattern that I’m aware of, and if we have any desire to implement this EIP, we should probably design further login/onboarding and identity work with it in mind.
That said, I’d love to hear a discussion of the pros and cons.
- How can existing users be onboarded to this standard?
- Can existing stateofus.eth names be made compatible with this?
- Does a user have to create an ENS name to join Status if we adopt this? There are concerns about requiring a user to register a digital identity which we might be expected to track in certain countries.
- + Many other technical and security considerations I’m not touching on
@ricardo3 @andmironov @patrick @hester @cryptowanderer @jarradhope + anyone else with an interest in identity management, simplified login & adoption of community standards…would love to hear your thoughts.
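The key and privilege model in the list above, sketched as an added example that is not part of the original post and is not the EIP's contract interface. All class, function and key names and the two privilege levels are assumptions, the ENS name is constructed, and signature verification is abstracted to "the caller is the signing key's address".

```python
from dataclasses import dataclass, field

MANAGEMENT, ACTION = "management", "action"  # assumed privilege levels

@dataclass
class IdentityProxy:
    # Hypothetical stand-in for the per-user proxy contract; it holds the funds.
    keys: dict = field(default_factory=dict)     # key address -> [level, spend limit]
    pending: dict = field(default_factory=dict)  # unapproved login requests
    balance: int = 0

    def _require(self, caller, level):
        # Signature checking is abstracted: caller is the signer's address.
        if self.keys.get(caller, [None])[0] != level:
            raise PermissionError(f"{caller} is not a {level} key")

    def request_login(self, new_key, limit):
        # Anyone who knows the ENS name may ask; nothing is granted yet.
        self.pending[new_key] = [ACTION, limit]

    def approve_login(self, caller, new_key):
        # Only an existing management key (the user's device) can confirm.
        self._require(caller, MANAGEMENT)
        self.keys[new_key] = self.pending.pop(new_key)

    def revoke(self, caller, key):
        self._require(caller, MANAGEMENT)
        self.keys.pop(key, None)

    def spend(self, caller, amount):
        self._require(caller, ACTION)
        if amount > self.keys[caller][1] or amount > self.balance:
            raise PermissionError("over this key's limit or the balance")
        self.keys[caller][1] -= amount
        self.balance -= amount
        return self.balance

ENS = {}  # constructed registry: ENS name -> proxy

def register(name, device_key, backup_key, balance=0):
    if name in ENS:
        raise ValueError("name already registered")
    mgmt = {device_key: [MANAGEMENT, 0], backup_key: [MANAGEMENT, 0]}
    ENS[name] = IdentityProxy(mgmt, balance=balance)
    return ENS[name]

if __name__ == "__main__":
    p = register("alice.stateofus.eth", "phone", "paper-backup", balance=100)
    p.request_login("dapp-key", limit=30)
    p.approve_login("phone", "dapp-key")
    print(p.spend("dapp-key", 20), sorted(p.keys))
```

In this model a compromised DApp key can lose at most its remaining limit and cannot enrol further keys, while the backup key can revoke a lost device.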