Sign-In with Ethereum Takes a Step Forward with Integration into MetaMask
Spruce, a blockchain-based identity management platform, has announced the integration of Sign-In with Ethereum (SIWE) directly into MetaMask. This is a significant step forward in standardizing the adoption of SIWE, which aims to provide better user experience and increased safety when users sign into apps and services.
One of the critical aspects of standardizing SIWE is allowing wallets to interpret messages for better UX and increased safety when users sign into apps and services.
Previously, when users were prompted to sign a SIWE message, they were given a human-readable message to sign, as installed by the app-specific developers. This included things such as the intent of the user, additional statements, and other information such as the domain where the user was and a nonce.
By integrating Sign-In with Ethereum, MetaMask also now adds additional phishing protection.
If what you’re signing doesn’t match the website you’re on, you’ll see a clear warning it might be a phishing attempt. pic.twitter.com/77BmM7OwRh
— Spruce (we’re hiring) (@SpruceID) March 23, 2023
However, until SIWE adoption became more prevalent, it was challenging to include additional UI/UX enhancements within the wallet layer to create a better user interaction for signing in. When wallets expect a standardized message format for signing, they can build much better UX to create “Sign-In” experiences more closely aligned with what we expect in traditional web applications.
Now, when an app or service follows the SIWE standard, MetaMask can parse that message and give the user a friendlier interface – prompting them to “Sign-In” rather than sign a message. The required fields are still prominently displayed for the user, but the intent has now been clarified: this is a “Sign-In request.”
The intention of the message and the action the user is taking are made much more evident. This is a significant leap forward for user safety in Web3, where users could previously be easily confused about whether they were signing into a service versus authorizing a malicious actor to transfer assets out of their account. Now, in Metamask, users can expect to see a “Sign-In” button and a user experience much more similar to what they would expect in a Web2 application.
Another prominent feature of this integration that improves user safety in Web3 is domain binding. Domain binding is present to make sure users don’t become the victim of phishing attacks when sites ask users to sign in, but the message doesn’t match the website they’re actually on. If this happens, the user is prompted with a warning, and they must explicitly select to move ahead, accepting the risks of a potential phishing attack.
These efforts to provide user-friendly security and safety enhancements across Web3 wallet experiences should increase the sense of confidence that users have when interacting with dApps.
Spruce is also working with additional wallet providers to continue offering user protections and benefits through SIWE, and with developers in the space looking to integrate the standard. For developers, Spruce recently released SSX as the easiest way to get started with SIWE and incorporate these newly improved signing-in experiences with MetaMask for end-users.
Through this collaboration with MetaMask to integrate SIWE, Spruce is addressing some of the major concerns repeatedly heard in Web3 – user safety and user experience – and looks forward to future enhancements to come.
Read more:
- MetaMask Launches SDK For Web3 Gaming: A New Era For Developers
- MetaMask Improves Wallet Experience With More Control And Transparency On Mobile And Extension
- Nigeria’s Growing Crypto Adoption Boosted By MetaMask And MoonPay’s Instant Bank Transfers
- MetaMask Launches World’s First Institutional Staking Marketplace For Ethereum