How Does Crypto Login Work?

A look into how decentralized apps handle logging in

The world of Crypto has been insane the past couple of days. Volatility has no meaning anymore. A 15% crash is just another ordinary day.

A few days back, we saw millions worth of NFTs stolen because of the OpenSea phishing attack. This event started a massive downtrend exacerbated by the imminent war between Russia and Ukraine.

It’s hard to stay calm in times of crashes. Seeing your portfolio lose so much value so fast feels like a dagger to the heart. The only thing that keeps me sane is my belief in blockchain technology and its applications in the long run.

One such technology is MetaMask, a browser extension that helps you connect to the blockchain.

What is MetaMask?

In a traditional app, a user has a username for identification and a password to verify the account.

On the other hand, a decentralized app relies on public-key cryptography. Every user is identified by a public key, and the private key plays the role of the password.

MetaMask allows you to access your public key and private key in the browser with the help of an extension. It thus enables you to connect to decentralized apps with your Ethereum (or some other blockchain) address. You can then interact with smart contracts and proceed to play games, purchase NFTs, etc.

How Login with MetaMask Works

To log in to a Dapp with your public address, the Dapp needs to verify that you are the account owner. Every public key has a private key associated with it, but you can’t just hand your private key over to someone else.

Instead, the Dapp asks you to cryptographically sign a message with your private key. MetaMask opens and prompts you to sign a message, for example “hello”, and the signed message is then sent to the backend.

Once the Dapp’s backend receives the signed message, it runs an algorithm to derive a public address out of the signed message. If this public address is the same as the user’s public address, the user gets logged in.

Also, note that the private key cannot be recovered from the signed message, so signing proves ownership of the account without ever exposing the key.
