The future of web3 authentication using “Passkeys” | Part 1

Rishabh Gupta
4 min read · Jun 16, 2023

Table of contents

· Introduction
· What are Passkeys?
· History of passwords
· How will passkeys help in Web3?
· Conclusion

Introduction

Welcome to our article series where we explore a revolutionary approach to creating crypto wallets and conducting transactions. In this series, we will delve deep into a new and innovative method that transforms the way you create and use crypto wallets. We will examine existing solutions, their strengths, weaknesses, and areas of improvement. Specifically, we will focus on Passkeys and provide a comprehensive overview, addressing the challenges of making them viable for blockchain applications. Furthermore, we will explore the implementation code behind Passkeys and highlight Banana’s pioneering role in delivering this cutting-edge solution.

What are Passkeys?

Passkeys allow users to authenticate without entering a username or password or providing any additional authentication factors. This technology aims to replace legacy authentication mechanisms such as passwords. Passkeys serve as a substitute for private key management, offering faster sign-ins, ease of use, and improved security.

It is possible that the era of passwords for all your online accounts may soon come to an end, thanks to passkeys. According to FIDO, traditional passwords pose both security risks and user experience challenges. The alliance claims that over 80% of data breaches occur due to compromised passwords, a problem further exacerbated by password reuse, which reaches up to 51%. FIDO also states that one-third of all online purchases are abandoned because customers forget their account passwords, preventing them from completing the checkout process.

History of passwords

The modern concept of passwords began with the rise of computer systems in the mid-20th century. In the 1960s, passwords were introduced as a means of user authentication on time-sharing systems. The UNIX operating system, developed in the 1970s, played a significant role in popularising password-based authentication. UNIX introduced the /etc/passwd file, which stored user account information including hashed passwords.

As computer systems became more prevalent, there was a growing need for stronger password security. Password complexity requirements and encryption techniques were developed to enhance security and protect against brute-force attacks. Over time, password cracking techniques evolved, and vulnerabilities in password storage and handling became apparent. Weak passwords and poor password management practices led to numerous security breaches.

How will passkeys help in Web3?

To onboard new users into the world of web3 and cryptocurrencies, it is essential to provide better solutions for private key management. The significance of private keys and the potential risks associated with their loss or compromise are often misunderstood by users. Countless individuals have suffered substantial financial losses due to inadequate security measures.

Account abstraction-based smart contract wallets (SCWs) are a perfect solution to this. Even with the emergence of SCWs themselves, passkeys offer significant benefits for them. A passkey can serve as the owner of an SCW, enabling users to conduct transactions through their SCW using their primary authentication method. These benefits are summarised below:

  • User Experience: Onboarding new users to the blockchain is challenging, with seed phrases and private key management being less than ideal. We aim to address this by ensuring even users unfamiliar with security concerns can safely manage their funds.
  • Security: Passkeys provide inherent security by eliminating issues like weak and reused credentials, leaked credentials, and phishing.
  • Cross-platform support: The solution extends to devices without biometric scanning but with Trusted Execution Environment (TEE) support. Using QR code scanning, the devices perform a secure local key agreement, establish proximity, and enable end-to-end encrypted communication. This ensures robust security against phishing attempts.
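
The phishing resistance claimed in the Security point comes from what a passkey actually signs. The following is an added example, not code from this article or from Banana SDK: a Node.js sketch of the checks a relying party runs on a WebAuthn assertion. The names `wallet.example`, `makeAuthenticator`, `verifyAssertion` and the challenge strings are assumptions, and a software key pair stands in for the device authenticator.

```javascript
// Added example (not Banana SDK code): relying-party checks on a passkey assertion.
const crypto = require('crypto');

const RP_ID = 'wallet.example';          // assumed relying-party ID
const ORIGIN = 'https://wallet.example'; // assumed legitimate origin
const sha256 = (d) => crypto.createHash('sha256').update(d).digest();

// Constructed software stand-in for a device authenticator plus browser.
function makeAuthenticator() {
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
  return {
    publicKey,
    // The browser, not the page, supplies `origin` and scopes the RP ID to it.
    getAssertion(challenge, origin) {
      const clientDataJSON = Buffer.from(JSON.stringify({
        type: 'webauthn.get', challenge: challenge.toString('base64url'), origin }));
      // authenticatorData = rpIdHash (32) | flags (0x05 = UP|UV) | signCount (4)
      const authenticatorData = Buffer.concat([
        sha256(new URL(origin).hostname), Buffer.from([0x05, 0, 0, 0, 1])]);
      const signed = Buffer.concat([authenticatorData, sha256(clientDataJSON)]);
      return { clientDataJSON, authenticatorData,
               signature: crypto.sign('sha256', signed, privateKey) };
    },
  };
}

// Relying-party verification: every check must pass before the signature counts.
function verifyAssertion(a, publicKey, expectedChallenge) {
  const c = JSON.parse(a.clientDataJSON.toString('utf8'));
  if (c.type !== 'webauthn.get') return 'bad-type';
  if (c.origin !== ORIGIN) return 'bad-origin';
  if (c.challenge !== expectedChallenge.toString('base64url')) return 'bad-challenge';
  if (!a.authenticatorData.subarray(0, 32).equals(sha256(RP_ID))) return 'bad-rp-id';
  if ((a.authenticatorData[32] & 0x01) === 0) return 'user-not-present';
  const signed = Buffer.concat([a.authenticatorData, sha256(a.clientDataJSON)]);
  return crypto.verify('sha256', signed, publicKey, a.signature) ? 'ok' : 'bad-signature';
}

function demo() {
  const auth = makeAuthenticator();
  const challenge = sha256('constructed-operation-1'); // constructed server challenge
  const good = auth.getAssertion(challenge, ORIGIN);
  const phished = auth.getAssertion(challenge, 'https://wallet.example.evil.test');
  return {
    good: verifyAssertion(good, auth.publicKey, challenge),
    phished: verifyAssertion(phished, auth.publicKey, challenge),
    replayed: verifyAssertion(good, auth.publicKey, sha256('constructed-operation-2')),
  };
}
```

Because the origin and RP ID hash are inside the signed bytes, an assertion produced on a lookalike origin cannot be rewritten to pass: editing `clientDataJSON` or `authenticatorData` afterwards invalidates the signature.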

Conclusion

This serves as an introduction to the concept of passkeys. In the upcoming article, we will delve into the background of WebAuthn and explore the implementation of simple passkeys. Banana continues to spearhead this innovation, driving advancements in Passkey solutions. We encourage you to stay tuned for future updates and kindly share your suggestions and comments below. Your feedback is valuable to us as we strive to deliver cutting-edge solutions in the world of passkeys.

Also, here is a simple demo which we prepared. Try your first (probably) passkey-based blockchain wallet: here

Banana SDK is a smart contract wallet infrastructure that leverages account abstraction to facilitate secure and user-friendly onboarding for applications. It is currently operational on Polygon’s ZK-EVM, Polygon, Astar, Gnosis chain and Optimism. For more information on Banana SDK, please visit our official website.
