Native Support for Sign-In With Ethereum
🎉 We’re thrilled to announce that Tally Ho is the first wallet to add native support for Sign-In With Ethereum!
Download Tally Ho now to try it out. Or read on to learn why our community is so excited about this update.
Wait, you can sign in with Ethereum?
Instead of using Sign-In with Google or Sign-In with Facebook, you can now Sign-In With Ethereum.
Only a handful of apps support SIWE today, but we expect it to be widespread by the end of 2022. It’s the next logical step in our collective efforts to increase the sovereignty and dignity of web users everywhere.
How does it work?
TL;DR Sign-In With Ethereum is a new, decentralized Single Sign-On system—created by and for the web3 community. (Shout out to Spruce, ENS, and the EF for leading the charge.)
Instead of using the username/password paradigm for authentication, SIWE uses your Ethereum public/private keypair. This is far more secure than user-generated passwords (more on that in a second). And the best part is: you fully own and fully control your Ethereum identity. Just like you self-custody your NFTs, tokens, or ETH, you can now self-custody your identity.
This is awesome for several reasons:
🤦 The username/password paradigm is broken UX.
It’s arguably the single worst part of web2 user experience—apart from identity theft or being subject to behavior modification experiments. How many times have you not bothered to open an app because you needed to sign up? Or you have signed up, but you’re too lazy to open your password manager. Or perhaps you forgot your password and now you need to go through the horse and pony show of resetting your password… only to go through it again next month. It’s intolerable. This tweet says it all:
🚨 The username/password paradigm is dangerous.
The facts are in: users generate insecure passwords. They reuse them. And given a long enough timespan, your average centralized app is going to skip a security beat, get pwned, and have its user database leaked or sold on the dark web. It’s a recipe that resulted in approximately 10 billion passwords being leaked last year. If you don’t believe me, check out haveibeenpwned.com or Firefox Monitor to see how many times your old passwords have been exposed in plaintext.
This is why it’s so important to always use a password manager, never reuse passwords, and always use 2FA. Otherwise, the bar for an attacker to get into your accounts is simply too low.
🐲 TradSSO helps solve problems, but at a high cost.
Signing in with Google or Facebook is great UX, but it places you ever more snugly beneath the dragon’s wing of your surveillance overlords. If only there were an SSO option that treated you as a citizen of cyberspace, rather than as raw material for advertising products…
The bigger picture
The early web shipped without a first-order concept of user identity. This seemed fine at the time, but in retrospect we can see that it led to the rise of platform monopolies. Without a way to create and manage our identities, we relied on platforms to do it for us.
A strain of newly minted "cyberlibertarian" ideals formed the early Internet, which assumed that a fairly minimal communications layer was sufficient; obviously necessary higher-level architectural elements, such as persistent identities for humans, would be supplied by a hypothetical future of private industry. But these higher layers turned out to give rise to natural monopolies because of network effects; the outcome was a new kind of unintended centralization of information and therefore of power.
- Vitalik Buterin & Jaron Lanier, from the Foreword to Radical Markets (2018)
Identity capture gave platforms extraordinary leverage over their users, and this hasn’t escaped their attention. Over the past 15 years, Big Tech has taken unpopular and increasingly brazen steps to undermine our privacy and cognitive sovereignty and, more recently, to deplatform users—often with little explanation. We’ve been held hostage because they’re the custodians of our identity. It’s the reason why I suspect so many of us who hate Facebook still haven’t closed our accounts.
User-owned identity can tilt the balance of power back towards users. It also promises to change the laws of motion for scaling a company or service. Rather than rushing to stack users in an attempt to win Metcalfe races, they’ll (hopefully) compete on offering authentic user value. This is why it’s so important that we develop, adopt, and demand alternatives that relocate power back in the hands of individuals.
To learn more about Sign-In With Ethereum:
Tally Ho!
Ready to try out the future of auth?
You can try Sign-In With Ethereum now with the Tally Ho Community Edition.
It’s our first major update since launching Swaps last month:
While every wallet that supports signing messages technically supports SIWE, Tally Ho has implemented native support—meaning you'll interact with a friendly sign-in interface, rather than a long, incomprehensible string of text.
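What sits behind that sign-in screen is a plain-text message with a fixed layout (EIP-4361), which the wallet can parse and check before asking for a signature. The sketch below is an added example, not Tally Ho's code: `parseSiwe`, `reviewSignIn`, the warning names and the sample message are constructed for illustration, and EIP-55 address checksum validation is left out.

```javascript
// Added example, not Tally Ho's code. Message layout follows EIP-4361.
const HEADER = /^(\S+) wants you to sign in with your Ethereum account:$/;

function parseSiwe(message) {
  const lines = message.split("\n");
  const header = HEADER.exec(lines[0] || "");
  if (!header) throw new Error("not a SIWE message");
  if (!/^0x[0-9a-fA-F]{40}$/.test(lines[1] || "")) throw new Error("bad address");
  if (lines[2] !== "") throw new Error("missing blank line after address");
  const parsed = { domain: header[1], address: lines[1], statement: null, fields: {} };
  let i = 3;
  // Optional one-line statement, then a blank line, then "Tag: value" fields.
  if (lines[i] !== "") parsed.statement = lines[i++];
  if (lines[i++] !== "") throw new Error("missing blank line before fields");
  for (; i < lines.length; i++) {
    const m = /^([A-Za-z ]+): (.+)$/.exec(lines[i]);
    if (m) parsed.fields[m[1]] = m[2];
  }
  return parsed;
}

function reviewSignIn(message, requestOrigin, now) {
  const p = parseSiwe(message);
  const warnings = [];
  // The domain named in the message must be the site that asked for the signature.
  if (p.domain !== new URL(requestOrigin).host) warnings.push("domain-mismatch");
  if (p.fields["Version"] !== "1") warnings.push("unsupported-version");
  if (!/^[A-Za-z0-9]{8,}$/.test(p.fields["Nonce"] || "")) warnings.push("weak-nonce");
  const exp = p.fields["Expiration Time"];
  if (exp && Date.parse(exp) <= now.getTime()) warnings.push("expired");
  return { ...p, warnings };
}

// Constructed sample message (not captured from a real app).
const SAMPLE = [
  "app.example wants you to sign in with your Ethereum account:",
  "0x" + "ab".repeat(20),
  "",
  "Sign in to the example app.",
  "",
  "URI: https://app.example/login",
  "Version: 1",
  "Chain ID: 1",
  "Nonce: 8f3kq0Zp1x",
  "Issued At: 2022-03-01T12:00:00Z",
  "Expiration Time: 2022-03-01T12:10:00Z",
].join("\n");

console.log(reviewSignIn(SAMPLE, "https://other.example", new Date("2022-03-01T12:05:00Z")).warnings);
```

The domain check is what ties a signature to the site that requested it; the nonce and expiry let the server reject a replayed sign-in.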
We should also mention: Tally Ho’s SIWE feature was written by a community member! A huge shoutout to @_despore, who coded SIWE this last month at ETHDenver.
It’s a reminder of why we love free, open source software (unlike some other web3 wallets...), and also why ETHDenver is one of our all-time favorite events. Embracing FOSS helps Tally Ho move way faster as a community than we ever could as a top-down, closed source company.
Join the Pack
Here’s how to get involved in the Tally Ho community:
🐶 Try the extension. You can try Sign-In With Ethereum today in the Tally Ho community edition.
👩‍💻 Contribute code. If you’re a dev passionate about public goods, join our shadowy-super-doggos room on Discord. Tally Ho is GPLv3, so all the code you write will stay open source for good.
🧑‍🎨 Help us QA. If you’d like to help us perfect and polish SIWE in the leadup to our DAO launch, come find me and the devs in the qa-testing room in the Tally Ho Discord!