How to Create a Web Authentication Mechanism on the Blockchain
With a growing number of identity theft and data leak incidents all over the world, authentication has become a major concern.
If you want to make an area of your website restricted to certain users, you have to decide whether to create your own unique system of identifying users, or implement a ready-made solution.
A standardized solution assumes that the user already has an account on some platform (Facebook, Yahoo, Google, or emailing platforms). In this case, you just have to use the suitable mechanism (usually the OAuth 2.0 protocol) to check whether someone who tries logging in to your site with an external user ID is that same user.
This option is more convenient to implement, but there’s a risk for the user. If something happens to his main account, he’ll also lose access to his information on your site.
Furthermore, users are sometimes faced with the need to give the main site access to their personal information. This includes private information such as real name, e-mail, age, location. If logging in with an external account is the only option, then the user must make a tough decision. The options here are to stop using the site or to give up their privacy.
Most users end up sacrificing their privacy and anonymity, thinking that nothing bad can come of this if they have nothing to hide. But as time has shown us, if someone malevolent obtains such data, it can be used to access bank accounts, wallets and other types of accounts.
But is there a way of protecting ourselves from such threats, which can lead to someone stealing and misusing our information? Enter blockchain technology.
But before we go on any further, let us recap the three main issues:
- The user wants to provide his personal information to a site he or she doesn’t trust.
- The site wants to use an external authentication system to avoid storing user data and the security expenses that come along with it.
- The existing external systems which take care of the sites’ authentication processes can censor accounts. Accounts can be locked at any time without any reason being given, and often without the option of recovering them.
Use of blockchain in Authentication
Blockchain implementation in this sector is currently in its incipient phase, but it is developing at a rapid pace. The technology can be applied in many industries such as retail, supply chain management, banking, voting, medicine, insurance, and many others. Another application that can be added to the list is the use of blockchain as an authentication provider.
Blockchain tech can prove that you are the exact same person you are claiming to be with just one digital identity which is generated and managed by blockchain technology.
Blockchain makes use of a key pair (public and private) when registering a user’s identity. The personal information is converted to hashes and stored; these can cover attributes such as name, social security number, fingerprints or other biometric data.
After storing the information, the user can ask a recognized party to confirm the hashes by attesting that the information entered on the blockchain is valid. From then on, each time someone asks a user to prove his identity for any kind of authentication or identification process, they can just use the hashes of the block which have been verified in advance by the trusted recognized party.
A secure and decentralized network such as Ethereum’s could make it possible to support this type of authentication.
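The hash-and-attest flow described above can be sketched as follows. This is an added example, not code from the original article: the function names, the per-attribute salt, the JSON serialization and the placeholder user ID are assumptions, and the blockchain itself is reduced to a plain record object.

```javascript
const nodeCrypto = require("node:crypto");

// Hash one attribute with a random salt (assumption: the article does not mention salts).
// Without it, low-entropy values such as a social security number could be guessed.
function commitAttribute(name, value, salt = nodeCrypto.randomBytes(16).toString("hex")) {
  const hash = nodeCrypto.createHash("sha256").update(`${name}\n${value}\n${salt}`).digest("hex");
  return { name, salt, hash };
}

// The record that would be published: hashes only, bound to the user's ID.
function buildRecord(userId, commitments) {
  return { userId, hashes: Object.fromEntries(commitments.map((c) => [c.name, c.hash])) };
}

// Canonical bytes for signing: attribute names sorted so both sides serialize identically.
function canonical(record) {
  const names = Object.keys(record.hashes).sort();
  return Buffer.from(JSON.stringify([record.userId, names.map((n) => [n, record.hashes[n]])]));
}

// Trusted party: checks the user's documents (not modelled here), then signs the record.
function attest(record, attesterPrivateKey) {
  return nodeCrypto.sign("sha256", canonical(record), attesterPrivateKey);
}

// Relying site: the user discloses one attribute plus its salt; the rest stays hidden.
function verifyDisclosure(record, attestation, attesterPublicKey, disclosed) {
  if (!nodeCrypto.verify("sha256", canonical(record), attesterPublicKey, attestation)) return false;
  const recomputed = commitAttribute(disclosed.name, disclosed.value, disclosed.salt).hash;
  const expected = record.hashes[disclosed.name];
  return typeof expected === "string" && recomputed === expected;
}

function demo() {
  const attester = nodeCrypto.generateKeyPairSync("ec", { namedCurve: "secp256k1" });
  const name = commitAttribute("name", "Alice Example"); // constructed sample data
  const ssn = commitAttribute("ssn", "000-00-0000");     // constructed sample data
  const record = buildRecord("0xUSER_ID_PLACEHOLDER", [name, ssn]);
  const sig = attest(record, attester.privateKey);
  const ok = verifyDisclosure(record, sig, attester.publicKey, { ...name, value: "Alice Example" });
  const forged = verifyDisclosure(record, sig, attester.publicKey, { ...name, value: "Mallory" });
  record.hashes.ssn = "0".repeat(64); // record altered after attestation
  const tampered = verifyDisclosure(record, sig, attester.publicKey, { ...name, value: "Alice Example" });
  return { ok, forged, tampered };
}
```

The relying site learns only the attribute the user chooses to disclose, and any change to the attested record invalidates the attester's signature.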
Cryptographically secure key pairs are composed of a public key, which represents the wallet address, and a private key, which is never broadcast over the network. Since only the owner knows the private key, it is possible to use asymmetric cryptography to authenticate users.
The simplest way in which the Ethereum wallet address can be used is as a user ID. However, if the user has lost the key or access to it, then he or she will never again be able to access the system.
In the same way, if your key has been found out by a hacker, then you cannot use that same key to prove your ownership anymore. The hacker could then just pose as you on all the sites you sign up for.
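A login based on the key pair described above is usually built as a challenge-response exchange, shown here as an added example that is not part of the original article. The class and function names are assumptions, and the user ID is a simplified stand-in (SHA-256 of the public key) rather than a real Ethereum address, which is derived with Keccak-256 over the raw public key.

```javascript
const nodeCrypto = require("node:crypto");

// Simplified user ID (assumption): last 20 bytes of SHA-256 over the DER public key.
function userIdFromPublicKey(publicKey) {
  const der = publicKey.export({ type: "spki", format: "der" });
  return "0x" + nodeCrypto.createHash("sha256").update(der).digest("hex").slice(-40);
}

class AuthServer {
  constructor() { this.pending = new Map(); } // userId -> outstanding nonce

  // Step 1: issue a fresh random challenge bound to the claimed user ID.
  issueChallenge(userId) {
    const nonce = nodeCrypto.randomBytes(32).toString("hex");
    this.pending.set(userId, nonce);
    return nonce;
  }

  // Step 3: check key-to-ID binding and signature; the nonce is consumed either way.
  verifyLogin(userId, publicKeyPem, signature) {
    const nonce = this.pending.get(userId);
    if (!nonce) return false;
    this.pending.delete(userId); // single use, so a captured signature cannot be replayed
    let publicKey;
    try { publicKey = nodeCrypto.createPublicKey(publicKeyPem); } catch { return false; }
    if (userIdFromPublicKey(publicKey) !== userId) return false;
    const message = Buffer.from(`login:${userId}:${nonce}`);
    return nodeCrypto.verify("sha256", message, publicKey, signature);
  }
}

// Step 2 (client side): sign the challenge; the private key never leaves the client.
function signChallenge(privateKey, userId, nonce) {
  return nodeCrypto.sign("sha256", Buffer.from(`login:${userId}:${nonce}`), privateKey);
}

// Constructed run: one valid login, then the same signature presented again.
function demo() {
  const server = new AuthServer();
  const { publicKey, privateKey } = nodeCrypto.generateKeyPairSync("ec", { namedCurve: "secp256k1" });
  const userId = userIdFromPublicKey(publicKey);
  const pem = publicKey.export({ type: "spki", format: "pem" });
  const sig = signChallenge(privateKey, userId, server.issueChallenge(userId));
  const first = server.verifyLogin(userId, pem, sig);
  const replay = server.verifyLogin(userId, pem, sig);
  return { first, replay };
}
```

The server stores no password or personal data, only the outstanding nonce, which is also why a lost or stolen private key cannot be recovered or revoked on the server side.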
However, the challenge in such a case is that it requires a high level of trust among parties. Another issue with using blockchain for identity authentication is that it needs different independent contributors to calculate the blockchain in order to make it reliable and decentralized.
In the case of Bitcoin, such contribution is compensated by receiving a small amount of Bitcoin for providing the next block in the chain.
There will still be incidents in which users lose their identity, but these will be limited to the loss of a phone or other data carrier on which the private key portion of their registered identity on the blockchain is stored. In such an instance, a user will not be able to request a new identity or report the old one as lost or stolen, because the identities in the blockchain are not centrally managed.
If the challenges we mentioned above can be tackled in the near future, blockchain could open new prospects in authentication implementations.