My passwords are spread across multiple browsers (Chrome, Safari, Firefox, and Brave), devices (phone and desktop), and password managers (keychain, 1pass). I’ve developed a habit of using a specific device/browser for frequently visited websites. But it’s still a mess. I’m sure many power users can relate to this experience. Of course, if I use two-factor authentication, things become even more complicated. Is 2FA now an SMS or token generation tool? How did we get into this situation, and what is the solution?
There are two types of solutions. Either create another password manager to act as a band-aid solution to the existing problem or build a new authentication solution from the ground up. Even Apple used Face ID/Touch ID authentication on top of passwords as a band-aid solution. It performs well on Apple devices but falls short when used with other browsers.
Let’s look at the first principle approach and build it from the ground up. After a decade of storing value/sats on the Bitcoin blockchain using seed words/public key/private key, why can’t we use the same concept to authenticate and log into websites? This works well because the same key can be used to authenticate an unlimited number of websites, and you don’t have to provide any personal information like your email address or mobile phone number. Another advantage is that the seed words can be transferred from one wallet to another and are ultimately owned by the user. We call this key-based authentication.
Many Bitcoin lightning wallets have begun to support this type of authentication, and a couple of specifications have been adopted by wallets. Let’s take a closer look at them.
LNURL-Auth is gaining popularity among Bitcoin Lightning users, allowing them to log in using their lightning wallets linked to their lightning nodes. To make this work, you’ll need a bitcoin lightning wallet that can sign and confirm your identity using your lightning node private keys. Some wallets are supported even if your lightning node is not connected, which is really cool. QR codes display a unique code that is signed by the wallet and returned to the website/service that can validate your public key and signature (Similar to validating a bitcoin on-chain transaction). With a public key, the website/service can identify the user and automatically log them in. This is also transferable between wallets if you stop using one and start using another.
Slashtags extends LNURL-Auth by providing a bi-directional interface for sharing public data. Assume you create a profile on the wallet with your name, email, and public key. When registering for any website or service, name and email can be shared directly from the wallet, avoiding the time-consuming email verification loop (enter email, go back to your email client to get the code, the email does not come to the inbox, then search in the spam folder and waste 15 mins of valuable time of your life). The Synonym.to team is working on adding new features, such as a Slashtags account where you and STARBACKR can store and access the data you create. If necessary, you can quickly move that date to a different platform in the future.
One of our goals at STARBACKR is to serve advanced users and normies (a.k.a. – normal users) and make the solution accessible to all. As a result, we devised a single QR code that can be scanned by any supported wallet (LNURL-Auth or Slashtags) and used to link an existing account or create a new one. Once the account has been created and linked, you will never have to enter a password again…!
This also enables another feature that I enjoy. You can create an account without providing an email address, password, or mobile number by using the QR-code login. If you are using a VPN, your IP address is also obscured. This ensures increased anonymity when browsing, posting, and tipping within starbackr.com
As of this writing, here are some of the supported wallets
Zeus LN Wallet (https://zeusln.app/)
Alby browser extension (https://getalby.com/)
Breez wallet (https://breez.technology)
Bitkit Wallet (Currently in beta – https://synonym.to)
Give it a shot, and let us know what you think. https://auth.starbackr.com