MetaMask adds EIP-4361 so users can securely log into websites with its crypto wallet

Quick Take

  • MetaMask has added compatibility with EIP-4361 or “Sign In with Ethereum.” 
  • This feature acts a self-custodial alternative to centralized identity providers like email when using websites.

MetaMask now supports "Sign In with Ethereum," a feature that enables people to securely use its crypto wallet to authenticate web services.

The popular web3 wallet has implemented the EIP-4361 standard, which aims to provide a more standardized way for Ethereum account holders to authenticate themselves on off-chain services. The wallet project partnered with digital identity and data provider Spruce on this integration.

With EIP-4361 implementation, users of wallet projects like MetaMask can sign a standard message format to log in to websites. Supported websites will present users with a pop-up to review details, including the website name, session details and security mechanisms — such as a nonce — and verify the correct domain name to protect against unauthorized access from malicious sites. This offers a self-custodial alternative to centralized identity providers such as email or phone numbers.

"This is part of our ongoing effort to make confirmations more legible to our community. Our implementation also offers a 'domain binding' feature, which detects signatures/approvals from malicious URLs," MetaMask said in a tweet.

THE SCOOP

Keep up with the latest news, trends, charts and views on crypto and DeFi with a new biweekly newsletter from The Block's Frank Chaparro

By signing-up you agree to our Terms of Service and Privacy Policy
By signing-up you agree to our Terms of Service and Privacy Policy

Developers first introduced Ethereum Improvement Proposal (EIP) 4361, or Sign In with Ethereum, in 2021 as a mechanism for wallet providers to offer authentication with an Ethereum wallet for off-chain services.

Traditional websites usually rely on identity providers such as large internet companies and email providers, which are centralized entities with ultimate control over users' identifiers, when signing in to popular non-blockchain services.

It is worth noting that MetaMask is not the first wallet provider to adopt such security standards. In February, competitor wallet provider Phantom also added an equivalent of ERC-4361 on the Solana blockchain.


© 2023 The Block. All Rights Reserved. This article is provided for informational purposes only. It is not offered or intended to be used as legal, tax, investment, financial, or other advice.

About Author

Vishal Chawla is The Block’s crypto ecosystems editor and has spent over six years covering tech protocols, cybersecurity, artificial intelligence and cloud computing. Vishal likes to delve deep into blockchain intricacies to ensure readers are well-informed about the continuously evolving crypto landscape. He is also a staunch advocate for rigorous security practices in the space. Before joining The Block, Vishal held positions at IDG ComputerWorld, CIO, and Crypto Briefing. He can be reached on Twitter at @vishal4c and via email at [email protected]

Editor

To contact the editor of this story:
Mike Millard at
[email protected]