Phantom materializes ‘sign in with Solana’ wallet authentication

Phantom said it collaborated with Solana Labs to make the method compatible with Solana’s wallet standard, while also providing support for others within the ecosystem

article-image

Skorzewiak/Shutterstock, modified by Blockworks

share

Wallet service provider Phantom said Monday it has introduced a new feature allowing applications to authenticate users using a Solana address.

The introduction of Sign In With Solana (SIWS) is intended to improve the user experience and security by streamlining the traditional “connect” and “signMessage” flow into a single-click “signIn” method.

Traditionally, the connect function enables a user’s digital wallet to interact with an application, while “signMessage” allows the user to cryptographically verify their identity.

The message lacks human-readable information, which can sometimes lead to new and seasoned users agreeing to malicious prompts.

Even in cases when connecting a wallet to trusted applications, unexpected pop-up signatures can often confuse or frighten new users, Phantom said in a statement. This, in turn, can often be a major hurdle for new entrants, it said.

The one-click sign-in method, available as of Phantom version 23.11, allows Solana developers to prompt users to connect and sign a standardized authentication message and prove ownership of their addresses.

Designed as a drop-in replacement for the previous two-step authentication flow, the sign-in method also provides developers with a robust API for creating standardized authentication messages, Phantom said.

The responsibility for message construction shifts from applications to the wallet, allowing Phantom to scrutinize elements such as the site’s domain or the time of message issuance to ensure legitimacy.

It is unclear whether there could be fresh privacy concerns associated with the shift of responsibility in message construction. Blockworks has reached out to Phantom for comment.

In some instances, that construction may help slow or hinder the progress of malicious actors. That could help prevent instances like last year’s breach, when a coding error allowed hackers to easily find and use client passwords, leading to a breach in both Slope and Phantom wallets.

Private keys associated with the impacted wallets were either leaked or compromised, and these keys were then utilized to authorize fraudulent transactions, according to reports at the time.

The sign-in feature released on Monday makes authentication more consistent and allows Phantom to check for suspicious activity, its developers said.

Ethereum dapps similarly can facilitate a “sign in with Ethereum” feature using Ethereum Name Service (ENS), as part of a push for decentralized identity services.


Don’t miss the next big story – join our free daily newsletter.

Tags

Upcoming Events

Hilton Metropole | 225 Edgware Rd, London

Mon - Wed, March 18 - 20, 2024

Crypto’s premier institutional conference returns to London in March 2024. The DAS: London Experience: Attend expert-led panel discussions and fireside chats Hear the latest developments regarding the crypto and digital asset regulatory environment directly from policymakers and experts.

Salt Lake City, UT

WED - FRI, OCTOBER 9 - 11, 2024

Pack your bags, anon — we’re heading west! Join us in the beautiful Salt Lake City for the third installment of Permissionless. Come for the alpha, stay for the fresh air. Permissionless III promises unforgettable panels, killer networking opportunities, and mountains […]

recent research

Research report - cover graphics (1).jpg

Research

In this report, we dive into crypto private market data to gather insights on where the future of the industry is headed. Despite a notable downturn in private raises, capital continues to infuse promising projects that aim to transform payments, banking, consumer experiences, community, and more, with 2023 being the fourth-largest year for crypto venture capital.

article-image

The results mark “a major positive inflection point,” one analyst says, as the exchange carries net income momentum into a crypto rally

article-image

While the slate of 10 US spot bitcoin funds have tallied $4.6 billion of net inflows thus far, half of the field is lagging the leaders

article-image

Trading volumes totalled $154 billion in Q4, including $125 billion in institutional volume

article-image

DeFi on Bitcoin is all the rage right now and Stacks is positioned to benefit

article-image

The Boston Globe reports that lawyer John Deaton is weighing a possible bid

article-image

Ethereum’s Dencun upgrade will enable Uniswap v4 to optimize smart contracts for complex functionality