Phantom materializes ‘sign in with Solana’ wallet authentication

Wallet service provider Phantom said Monday it has introduced a new feature allowing applications to authenticate users using a Solana address.

The introduction of Sign In With Solana (SIWS) is intended to improve the user experience and security by streamlining the traditional “connect” and “signMessage” flow into a single-click “signIn” method.

Traditionally, the connect function enables a user’s digital wallet to interact with an application, while “signMessage” allows the user to cryptographically verify their identity.

The message lacks human-readable information, which can sometimes lead to new and seasoned users agreeing to malicious prompts.

Even in cases when connecting a wallet to trusted applications, unexpected pop-up signatures can often confuse or frighten new users, Phantom said in a statement. This, in turn, can often be a major hurdle for new entrants, it said.

The one-click sign-in method, available as of Phantom version 23.11, allows Solana developers to prompt users to connect and sign a standardized authentication message and prove ownership of their addresses.

Designed as a drop-in replacement for the previous two-step authentication flow, the sign-in method also provides developers with a robust API for creating standardized authentication messages, Phantom said.

The responsibility for message construction shifts from applications to the wallet, allowing Phantom to scrutinize elements such as the site’s domain or the time of message issuance to ensure legitimacy.

It is unclear whether there could be fresh privacy concerns associated with the shift of responsibility in message construction. Blockworks has reached out to Phantom for comment.

In some instances, that construction may help slow or hinder the progress of malicious actors. That could help prevent instances like last year’s breach, when a coding error allowed hackers to easily find and use client passwords, leading to a breach in both Slope and Phantom wallets.

Private keys associated with the impacted wallets were either leaked or compromised, and these keys were then utilized to authorize fraudulent transactions, according to reports at the time.

The sign-in feature released on Monday makes authentication more consistent and allows Phantom to check for suspicious activity, its developers said.

Ethereum dapps similarly can facilitate a “sign in with Ethereum” feature using Ethereum Name Service (ENS), as part of a push for decentralized identity services.

Get the day’s top crypto news and insights delivered to your email every evening. Subscribe to Blockworks’ free newsletter now.

Want alpha sent directly to your inbox? Get degen trade ideas, governance updates, token performance, can’t-miss tweets and more from Blockworks Research’s Daily Debrief.

Can’t wait? Get our news the fastest way possible. Join us on Telegram and follow us on Google News.

Leave a Reply

Your email address will not be published. Required fields are marked *