So the question is, how do we integrate this convenience into Web3 without compromising on security?
The first step is to find something, or at least a small group of things, that most people in the Web3 world will have. Almost everyone would certainly have a wallet, and a wallet would be perfect for verification if it did not also contain transactional information that not everyone would be comfortable sharing in order to verify their identity.
Instead, what we need is for as little information to be shared as possible in the process of verification, as Lasha Antadze, Co-founder of Rarify Labs, explains.
“The FriendTech scandal highlights how crucial Zero-Knowledge technology is in truly achieving a viable social-fi platform. With ZK technology, you will be able to abstract personal information such as phone numbers so that it is not possible for anyone but the account owner to get a hold of them. It means that in this incident, the victim’s phone number would have never been revealed, rendering the hack impossible.
The future of Web3 socials will be hyper-customised, with users having greater optionality around which credentials they use, how to store them and also how the platforms verify them. These create additional challenges for hackers as they cannot be sure which method of verification a user has opted for.”
Indeed, such hyper-customisation can turn one of Web2 social sign-in's liabilities into an asset for Web3 social sign-ins: the fact that so many social platforms in Web2 are connected to each other.
So many of our social media platforms are connected: think about how posting a story on Instagram would also automatically mean it gets posted on Facebook.
This interconnectedness in itself isn't a problem, but when gaining access to one gives you access to all, the potential rewards for hackers become much higher.
Web3 social sign-in can improve on this: by giving users more options as to what they use to verify their identity, it provides a safety backstop. If a victim's social media profile gets hacked, the impact will be limited to whatever applications or platforms the victim used this particular profile to log into. All other platforms would be safe, and there might even be a way to regain control of the hacked account by verifying the victim's identity through something unique, like a soulbound token.
At the end of the day, security is a core reason for blockchain adoption, but that will prove to be an empty promise unless we actually deliver on it. The stakes for Web3 are higher than in Web2, given that tokens actually have value. And this is all the more reason for us to take security seriously, before we all lose our money.