March 24th, 2022

Sign in with pfpid

Prerequisites: Everything you need to know (for now).

Web2 authentication

Authentication is the process of verifying the identity of an individual. In web2, authentication processes involve matching user-provided credentials, like email address and password, to existing records in a centralised database. This database could belong to the owner of the application the user is attempting to access or a centralised authorisation intermediary. Either way, the safety and ownership of the user's data and credentials are controlled by third parties.

Social Login — great no passwords!

Social login offers a significant reduction in authentication friction. It allows a user to log in to a third-party website using already-existing information stored by a social platform. Users love it because it’s fast. However, each time a user uses a social login, their profile data, personal preferences, and even tracking data are shared between the third party and the social provider. On top of this, if the social provider were to be hacked, any previously authenticated accounts would be vulnerable.

A better authentication protocol

From the above, it's safe to say that web2 authentication methods can certainly be improved. Let's outline some requirements for a better authentication protocol:

Web3 authentication

Web3 offers a new self-custodial, decentralised, and entirely trust-less option for users who wish to have more control and responsibility over their own digital identity. Users can use their Ethereum account to log into services rather than relying on traditional authentication/authorisation intermediaries. Using their Ethereum account, users can authenticate themselves with off-chain services by signing a message with their private key. The third party is no longer required to store any sensitive information; it simply needs to ensure that the authentication message is signed by the expected Ethereum address, an identifier which can be safely shared online.

With this, we have met some of the requirements for our better authentication protocol:

pfpid authentication

However, an issue with web3 authentication comes from the fact that anybody (or any bot) can create any number of wallets. As a result, on its own, web3 authentication cannot guarantee that the account logging into a given service maps to one individual. To make matters worse, users are often required to provide additional information such as name, email address, date of birth etc. in order to create an account.

This is where pfpid comes in.

When you mint a pfpid, personal information that’s inferred from the KYC process is encrypted and stored on-chain in the NFT metadata. As the pfpid owner, you authorise the decryption of this information when you authenticate with web3 services. This gives you full control over who you share data with and how much of your data is shared.

How it works

When signing in with pfpid, the core smart contract will be queried to make sure you own a pfpid. The metadata for your NFT will be retrieved and you will be prompted to decrypt the necessary data before passing it to the third party to create your account.

How it benefits users

In terms of speed and convenience, sign in with pfpid matches any social sign in. It's one-click, password-less, and does not require the user to manually enter basic account information on registration.

However, the two differ in how they store and process a user's data. As mentioned, with social sign in all of the user's data is stored and controlled by third parties. With pfpid, all of the user's data is encrypted, stored on the blockchain, and owned by the user.

How it benefits third parties

Data validity

Users who sign in with pfpid will be KYC-verified with a liveness video and valid identification. Their data will be confirmed before minting to minimise chances of typos and then stored immutably on the blockchain. Third parties can be confident that users who sign up to their platform are who they say they are.

Multi Accounting

Users will only be able to mint one pfpid. To prevent users minting multiple pfpids across multiple wallets, we will cross-reference any newly-minted pfpids against previously-minted pfpids, and block the creation of duplicates.

Summing-up

We have now completed our checklist for a better authentication protocol:

pfpid is a utility-centric NFT project aiming to bring more trust to the web. Sign in with pfpid is one of several utility benefits afforded to holders. With it, we can reshape how we think about authentication by shifting the power and ownership back into the hands of the user and away from third parties. As adoption for web3 continues to grow, sign in with pfpid will become as ubiquitous as web2 social sign in.

Next Steps

The public mint will take place on the 14th of April 2022. Presale for VERY EARLY community members will take place the week before.

To become a VERY EARLY member, join the pfpid Discord