Do you remember the first time you were asked to write down a seed phrase? Perhaps you were confused: Why write this on paper instead of just pasting it in Notes? Will you need to write all this stuff to “login” to Web3 apps every time?
Seed phrases are not that bad, but they look super weird if you have no idea how cryptography works. And most people have no idea how cryptography works.
Right now, 99% of novice Web3 users come with Web2 experience stemming from years of using email/password as authentication for accounts and apps. And while crypto companies and wallets are doing their best to educate users, confusion seems inevitable, and it opens countless opportunities for the always-lurking scammers.
Unfortunately, common Ethereum addresses are unlocked with a private key – a long string of text. If you own your key, you can do whatever you want with your address. You either keep your key in a file and import it to unlock a wallet, or you use the seed phrase mnemonics. There is no way to introduce a password instead of the private key…
…Okay, there is a way actually, but at the cost of full control over your wallet. Some services keep the private keys for their users and let them use passwords for unlocking their wallets. This enables onboarding but breaks one of the core principles of decentralization and it’s not much different from how traditional services work. The service you are using can cut your access at any given moment.
But what if I told you that there is actually a way to unlock your wallet with email and password, while keeping your key?
Here Come Smart Wallets
Smart wallets have been discussed a lot in the past: you may have heard of a similar concept called “account abstraction.”
Basically the idea is that each Ethereum account will be a smart contract, which opens a lot of opportunities to enhance the crypto UX.
Rather than using only one cryptographic key to secure an account, smart wallets allow multiple keys to be utilized using certain rules. For example, you may set up an account to be controlled by 2 keys, one of them being your mobile device and the other your Trezor hardware wallet, with the mobile device having limited permissions and daily spending, while the Trezor is unlimited. Or you may set up so-called social recovery by allowing a multisig controlled by your closest people to recover your account.
Put in simple words, smart wallets are smart contracts that can be controlled by more than one cryptographic key – this “decentralizes” access to the wallet and enables different setups in which you can change the login user experience.
How To Build A Non-Custodial Smart Wallet With Email And Password Registration
We already know that a smart contract wallet can be controlled by two or more keys.
An emerging open source wallet called Ambire decided to build on this feature and enable email/password registration without compromising the user’s ownership of the account.
Ambire implements traditional authentication with an email and a password, like Web2 apps. This authentication mode is non-custodial: it works via an on-chain two-key multisig. One of the keys is stored in the browser storage and is encrypted with the user’s password, and the other key is stored on Ambire’s backend in a hardware security module (HSM).
The funds can’t be accessed using only one of the two keys. An attacker who successfully compromises either a user (e.g., via malware) or the HSM holds just one key, and that is not enough to move anything.
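The two-key arrangement described above, modelled off-chain as an added example (this is not Ambire's code or contract): the user key is sealed with a password-derived key, and a transaction counts only when both registered keys have signed it. Ed25519 stands in for Ethereum's secp256k1, and the function names, passwords and transaction string are constructed for illustration.

```javascript
// Added example: off-chain model of the two-key scheme, not Ambire's code.
const nodeCrypto = require('node:crypto');

// Ed25519 stands in for Ethereum's secp256k1 keys (assumption for brevity).
function newSigner() {
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync('ed25519');
  return { publicKey, pem: privateKey.export({ type: 'pkcs8', format: 'pem' }) };
}

// Protect the browser-side key at rest: scrypt-derived key + AES-256-GCM.
function sealKey(pem, password) {
  const salt = nodeCrypto.randomBytes(16), iv = nodeCrypto.randomBytes(12);
  const kek = nodeCrypto.scryptSync(password, salt, 32);
  const cipher = nodeCrypto.createCipheriv('aes-256-gcm', kek, iv);
  const ct = Buffer.concat([cipher.update(pem, 'utf8'), cipher.final()]);
  return { salt, iv, ct, tag: cipher.getAuthTag() };
}

// Returns the PEM, or null when the password is wrong (GCM tag check fails).
function openKey(blob, password) {
  const kek = nodeCrypto.scryptSync(password, blob.salt, 32);
  const d = nodeCrypto.createDecipheriv('aes-256-gcm', kek, blob.iv);
  d.setAuthTag(blob.tag);
  try { return Buffer.concat([d.update(blob.ct), d.final()]).toString('utf8'); } catch { return null; }
}

const signTx = (pem, tx) => nodeCrypto.sign(null, Buffer.from(tx), nodeCrypto.createPrivateKey(pem));

// 2-of-2 policy: every registered owner key must have signed this exact tx.
function approved(tx, owners, sigs) {
  return owners.every((pub, i) =>
    Buffer.isBuffer(sigs[i]) && nodeCrypto.verify(null, Buffer.from(tx), pub, sigs[i]));
}

// Constructed scenario: user key in browser storage, co-signer key on the HSM.
function scenario() {
  const user = newSigner(), hsm = newSigner(), owners = [user.publicKey, hsm.publicKey];
  const stored = sealKey(user.pem, 'correct horse'); // what browser storage holds
  const tx = 'send 1 ETH to 0xRECIPIENT_PLACEHOLDER';
  const userSig = signTx(openKey(stored, 'correct horse'), tx);
  const hsmSig = signTx(hsm.pem, tx);
  return {
    wrongPassword: openKey(stored, 'guess'),                  // stolen blob, no password
    userOnly: approved(tx, owners, [userSig]),                // user compromised
    hsmOnly: approved(tx, owners, [undefined, hsmSig]),       // HSM compromised
    userTwice: approved(tx, owners, [userSig, userSig]),      // one key reused
    both: approved(tx, owners, [userSig, hsmSig]),            // legitimate flow
  };
}
```

Only the `both` case passes the policy; every single-key case is rejected, which is the property the multisig relies on.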
How It’s Going
Ambire Wallet was released in December after two months of beta tests with 5,000 early users (as reported by the company). More than 65,000 users have registered since (the total value held in Ambire wallets is ~$50 million at the time of writing), and guess what – the majority of accounts are controlled by email and password.
At the moment, Ambire is working on releasing a mobile version of the wallet for iOS and Android in the first half of this year. This will be the true test for the email+password registration model as the Ambire team expects to attract people who have no previous Web3 experience.
If you are interested in trying Ambire Wallet, head to https://www.ambire.com/ and create your account in less than a minute.