Phantom materializes ‘sign in with Solana’ wallet authentication
Phantom said it collaborated with Solana Labs to make the method compatible with Solana’s wallet standard, while also providing support for others within the ecosystem
Skorzewiak/Shutterstock, modified by Blockworks
Wallet service provider Phantom said Monday it has introduced a new feature allowing applications to authenticate users using a Solana address.
The introduction of Sign In With Solana (SIWS) is intended to improve the user experience and security by streamlining the traditional “connect” and “signMessage” flow into a single-click “signIn” method.
Traditionally, the connect function enables a user’s digital wallet to interact with an application, while “signMessage” allows the user to cryptographically verify their identity.
The message lacks human-readable information, which can sometimes lead to new and seasoned users agreeing to malicious prompts.
Even in cases when connecting a wallet to trusted applications, unexpected pop-up signatures can often confuse or frighten new users, Phantom said in a statement. This, in turn, can often be a major hurdle for new entrants, it said.
The one-click sign-in method, available as of Phantom version 23.11, allows Solana developers to prompt users to connect and sign a standardized authentication message and prove ownership of their addresses.
Designed as a drop-in replacement for the previous two-step authentication flow, the sign-in method also provides developers with a robust API for creating standardized authentication messages, Phantom said.
The responsibility for message construction shifts from applications to the wallet, allowing Phantom to scrutinize elements such as the site’s domain or the time of message issuance to ensure legitimacy.
It is unclear whether there could be fresh privacy concerns associated with the shift of responsibility in message construction. Blockworks has reached out to Phantom for comment.
In some instances, that construction may help slow or hinder the progress of malicious actors. That could help prevent instances like last year’s breach, when a coding error allowed hackers to easily find and use client passwords, leading to a breach in both Slope and Phantom wallets.
Private keys associated with the impacted wallets were either leaked or compromised, and these keys were then utilized to authorize fraudulent transactions, according to reports at the time.
The sign-in feature released on Monday makes authentication more consistent and allows Phantom to check for suspicious activity, its developers said.
Ethereum dapps similarly can facilitate a “sign in with Ethereum” feature using Ethereum Name Service (ENS), as part of a push for decentralized identity services.
Don’t miss the next big story – join our free daily newsletter.
