en
Back to the list

Towards a Web3 Without Wallets

source-logo  coindesk.com 02 August 2023 22:31, UTC

Blockchain wallets are a core component of Web3. Wallets are key for user identity in Web3 and give users ownership of data and permissions in apps and smart contracts.

However, the combination of a steep learning curve and the high stakes of mistakes have been obstacles to mass adoption of Web3.

Users have been stuck with either custodial or self-custodial wallets. Custodial wallets are managed by a centralized third-party, which means reduced functionality and control for users. In contrast, self-custodial wallets put users in the driver’s seat but are complex to set up and operate. With self-custody, users must remember and protect a 12- or 24-word seed phrase to avoid losing access to their wallet.

The “wallet barrier” has significantly hindered onboarding of brands and consumers that are otherwise attracted to Web3. For Web3 to achieve mass adoption, the function of wallets needs to be reimagined such that users are barely aware that wallets exist - the same way Web2 apps don’t expose the UserId representing that user in an internal database. At the same time, user activity in Web3 should be decentralized, secure, and easy to manage without seed phrases.

A handful of emerging and converging technologies are already forming the foundation of this future. Over the next few years, the omnipresent role of wallets will recede into the background, and as a result, Web3 will offer simple onboarding and seamless integration across platforms.

The wallet barrier

In these early days of Web3, getting started with decentralized apps (dApps) typically requires having a wallet, which can be either self-custodial or hosted by a third-party custodian. While some hybrid options have been developed, users have generally faced a choice of two subpar wallet options with meaningful tradeoffs for convenience, security, access, and control.

A self-custodial wallet is often necessary to connect with and use specific dApps, including many crypto trading platforms, NFT marketplaces, and play-to-earn games. But setting up a wallet and seed phrase can be confusing and intimidating for people who are new to Web3. As a result, potential users often abandon the onboarding process.

Even when initial setup is successful, self-custodial wallet management still poses a host of challenges and inconveniences:

Remembering and protecting a seed phrase

Keeping track of an account identified only by a long string of numbers

Deciding whether to sign transactions, which are frequently difficult to understand or trust

Knowing how to connect to different blockchains and dApps

Finding on- and off-ramps for fiat currency

Having the right kind and amount of tokens to cover transaction (gas) fees

Following proper security measures in an environment with diverse hacking threats and frequent phishing attacks

While it’s easy to point out these issues in Web3, Web2 is also plagued by account management problems. Users juggle an ever-expanding list of logins and passwords, creating vulnerabilities for hackers to exploit, or they turn to centralized password managers that have also been subject to successful cyberattacks. And even when Web2 adds convenience, it comes at the expense of user privacy and control of their own data.

Converging solutions

Innovative technologies are opening up possibilities for moving beyond both account management problems in Web2 and the wallet barrier in early Web3.

These technologies involve dramatic improvements in the user experience of interacting with dApps on blockchains. At the same time, new approaches to identity verification and account interoperability are making it more secure and convenient to log into apps and services. A marriage of these technologies can help push wallets to the background and enhance functionality and security for users.

While these emerging technologies are still maturing, they can soon be expected to break down the wallet barrier and enable smooth, straightforward onboarding and engagement in Web3.

Smart contract wallets

Smart contract wallets are programmable accounts that operate on blockchains. They are a medium for interacting with a blockchain, and, because they can be programmed with detailed rules, they add a range of features and functionality not offered by standard wallets.

Simplified transactions: Smart contract wallets enable important functions like the bundling of transactions, paying gas fees with a wide range of tokens, and allowing dApps or brands to pay transaction fees on a user’s behalf.

Private key recovery: These wallets allow users to set up systems to regain access if their seed phrase is lost or forgotten. For example, social recovery backs up segments of a private key among trusted friends or family members who can then authorize key restoration.

Security safeguards: With smart contract wallets, users can establish rules to protect against theft. For example, they can cap spending, set limits on total transactions, or create a whitelist of accepted addresses to interact with to prevent getting tricked by a fake page. Smart contract wallets can also show transaction simulations that let users preview the outcome of a transaction before executing it.

Smart contract wallets (see some examples below) are a building block to a more robust Web3 that avoids the pitfalls of both self-custodial and custodial wallets. They can simplify and automate transactions across dApps to make Web3 approachable to more than just power users. By providing tools for private key recovery, smart contract wallets also eliminate one of the main pain points in Web3 onboarding. While there are still barriers to widespread use of smart contract wallets, their adoption is increasing on layer-2 blockchains that run on top of Ethereum and offer lower-cost and faster transactions.

Importantly, smart contract wallets can be programmed to validate users based on flexible and customizable criteria. This introduces the potential for users to manage smart wallets through more user-friendly and familiar accounts, possibly decoupling user accounts from the wallets that trigger transactions. In the next few sections, we’ll see a few emerging identity mechanisms that could be used towards this purpose.

Decentralized Identifiers

Decentralized identifiers (DIDs) enable the verification of identifying information while keeping the actual data under cryptographic lock-and-key controlled by the user. For virtually any type of information, DIDs can provide a verifiable credential that can be authenticated through cryptographic signing.

But how do DIDs help pave the way for a “wallet-less” Web3?

In effect, a combination of smart contract configuration and DID verification can make the existing concept of the Web3 wallet obsolete. Instead of requiring that a specific wallet address initiate transactions, smart contracts can require that the transaction include verification from a user’s DID. When necessary, users can authenticate and initiate transactions via a simple interface without a tedious or confusing series of steps. Gas fees can either be paid for by dApps (especially with low gas fees on layer 2 blockchains) or bundled into a single price for users to authorize with one click.

Worldcoin

One example of a rapidly growing application of DIDs is Worldcoin and its World ID technology to prove digital identity. A World ID can be thought of as a type of passport in which different stamps represent credentials that verify specific pieces of information, such as age, address, or work or educational history. When needed, users can authorize the display of a stamp without revealing the whole passport.

Credentials can be configured to share data on a need-to-know basis. For example, a credential could prove a person is over 21 without having to show their actual age. Credentials can also authenticate whether a person has completed certain actions like voting or making a donation.

Read more: Jeff Wilser - The Untold Story of Worldcoin’s Launch: Inside the Orb

Although the initial Worldcoin rollout includes associated wallets for blockchain transactions, DIDs provide an ability to verify identity without the need for a seed phrase. As these technologies evolve, programming a smart contract to recognize an authenticated DID can allow users to securely access and interact with dApps without ever having to think about the ins-and-outs of a self-custodial or custodial wallet.

The contours of this approach are already in the works as Worldcoin has partnered with the authentication service Okta to make signing in with a World ID available for a huge range of apps and services. With World ID, authorization is controlled by smartphone and/or biometrics (iris scanning) to protect against fraud. Whether Worldcoin emerges as a preferred DID solution remains to be seen, but it represents an emerging field of technology that can enhance how users connect with blockchains.

Bluesky

Bluesky is a social blogging app built on the AT Protocol, a framework for the social web that prioritizes decentralization so that users have privacy, control, and portability of their data. A single user account is interoperable across different decentralized social networks on the AT Protocol without requiring seed phrases or separate logins.

Public usernames or handles on the AT Protocol are underpinned by DIDs for authentication. User data on Bluesky is stored with cryptographic protection in signed data repositories that are linked to a user’s DID. If a user decides to leave Bluesky and migrate to another social network, they can take their identity, data, and social connections with them.

Despite being accessible by invite only, Bluesky has reached over one million downloads, reflecting the appeal of a new model of the social web. Although not based on blockchains, Bluesky and the AT Protocol are a demonstration of how new technologies can give users the convenience of a single account that works across different apps while preserving decentralization, security, and data privacy.

Google Passkey

Google Passkey allows users to access their Google account and other online services without passwords. To make this possible, a cryptographic private key is stored on a phone or laptop, and a public key is kept in the cloud. Logging in requires authenticating the private key, which can be done by unlocking the linked phone or laptop, such as with fingerprint or face recognition.

The passkey replaces the username and password as a means of accessing accounts, eliminating a vulnerable attack surface for hackers. Smart contracts could be programmed to verify identity by storing a public key in the smart contract so that only the user with the passkey could authorize interactions with the blockchain. This would give non-technical users an intuitive and secure way of engaging with dApps without passwords or seed phrases.

Passkey is the result of a long-term development process involving Google, Apple, and Microsoft, which sets this technology up for large-scale adoption by users and online services. While the role of these major companies in passkey synchronization might seem contrary to the decentralization ethos of blockchain, for many users, the trade-off might be worth the ease of use and familiar security mechanisms.

Token-bound accounts

With token-bound accounts, any non-fungible token (NFT) can contain assets, such as other cryptocurrencies or tokens, allowing the NFT to function like a wallet. In this way, tokens are directly held within the NFT, so when the NFT is transferred, all the assets bound to it are transferred as well.

While detailed use cases are still largely in the works, token-bound accounts demonstrate the flexibility and diversity of on-chain resources. Token-bound accounts make it possible to compartmentalize different decentralized assets in various ways, but at any time those assets can be controlled by the user whose credentials prove ownership of the NFT itself.

Unlocking Web3 without wallets

As smart contract wallets, DIDs, and other verification and login technologies mature, the wallet as we know it will move from front-and-center in Web3 onboarding to something that is abstracted away from the core user experience.

In a world of mass adoption of Web3, there is no reason that the average user needs to be thinking about blockchains or wallets. After all, Web2 is built on complex databases that users log into with a known method like their email or social media account. Yet virtually no users are aware of or concerned about the underlying mechanics of the database or sign-in process.

In the same way, wallets and blockchains can enable dApps but fade into the background for users, enabling key features critical to mainstream usage:

Simplicity: Users can sign in with familiar methods underpinned by robust security

Ownership: Users own and control their blockchain-based accounts to protect their privacy, but dApps can send rewards or assets directly to those accounts

Interoperability: Users can easily manage assets across an open ecosystem of token-enabled tools.

There may always be a subset of users that continue to use and manage wallets directly, but most future users in Web3 won’t need or want to micromanage thousands of high-value crypto trades. For the most compelling Web3 use cases, such as customer loyalty programs for brands, to take off, we need to removethe wallet barrier and simplify the UX.

For example, brands can build loyalty programs on-chain to create interoperable memberships, powerful rewards and unique collaborations for their customers, at the same time, they can leverage smart contract wallets to streamline onboarding, including by covering transaction costs at sign-up. Brands win by innovating and growing their loyalty programs, and users win by receiving perks without ever having to know that they are interacting with a blockchain.

A brand like Nike, for example, could reward a customer for a purchase by dropping a virtual shoe NFT to a familiar user account. With that same account, a user can wear that shoe in a metaverse of their choice, use the NFT to get access to an event or discount, or sell the shoe on a market like OpenSea – all without managing a wallet or seed phrase. This example just scratches the surface of the type of multi-faceted and user-empowering experiences that can be powered by Web3.

For Web3 to go mainstream, wallets should be as invisible to users as databases are in Web2. Converging technologies can push wallets to the background and make accessing and engaging with Web3 safer and more convenient. Capitalizing on those technologies can open the doors to mass adoption and a new era for Web3.

coindesk.com