Log-In via Ledger or MetaMask or other Crypto Wallets?
Users of Bitcoin, Ethereum / DeFi and other cryptocurrencies routinely use secure wallets to link to sites we engage with to make investments, payments and other transactions. We 'Sign-in' with our Public Key via our secure wallet as we "Connect" to the site, which is persistent across the whole site. The site then sends a message back to our wallet which we Review and Sign, validating with our Private Key that we ARE the authorized user of this wallet address. When we approve or "Sign" a message, our Private Key proves our identity incontrovertibly and we are then able to complete a secure transaction completely ANONYMOUSLY--all using decentralized open-source technology. When we complete a significant transaction, we again sign a message from the host site, validating that we are authorized to confirm the transaction from our wallet.
Proton could enable the very same decentralized method of validating authorized users anonymously by integrating with readily available APIs from leading secure open-source-wallet DAOs or other providers, without needing to resort to Surveillance-State-spyware like google-captcha [kinda sounds like "got-cha" doesn't it?] or even the multiple log-ins we now endure to access various components of Proton securely--which would certainly enhance OUR UX and make Proton THE MARKET LEADING SECURE communications provider, the leading edge of decentralized Log-in validation, as we move into Web 3.0.
Even today, as I work with multiple DeFi apps, approving such transactions is extremely straightforward, secure and anonymous--tho as always, we must make sure we're interacting with the site host we intend to interact with. How about enabling such sign-in via secure crypto-wallet accounts for Proton? Wouldn't something like this be wonderful? Many thanks to the team for ALL that you are doing for our growing Proton community!!
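The sign-in exchange described in the post above, sketched from the site's side as an added example; it is not part of the original post and is not Proton's or any wallet's code. Node's built-in Ed25519 stands in for the wallet key (Ethereum wallets use secp256k1 with their own message encoding), and `mail.example`, the message wording and the five-minute lifetime are assumptions.

```javascript
const nodeCrypto = require('node:crypto');

const SITE_DOMAIN = 'mail.example';      // hypothetical site name (assumption)
const CHALLENGE_TTL_MS = 5 * 60 * 1000;  // assumed challenge lifetime
const pending = new Map();               // nonce -> { message, pubKeyPem, expires }

// Site: issue a one-time message that names the site and is tied to the claimed key.
function issueChallenge(pubKeyPem, now = Date.now()) {
  const nonce = nodeCrypto.randomBytes(16).toString('hex');
  const message = `${SITE_DOMAIN} wants you to sign in\nnonce: ${nonce}`;
  pending.set(nonce, { message, pubKeyPem, expires: now + CHALLENGE_TTL_MS });
  return { nonce, message };
}

// Wallet: the "Review" step. Refuse messages for a site other than the one connected to.
function walletSign(message, connectedDomain, privateKey) {
  if (!message.startsWith(`${connectedDomain} wants you to sign in\n`)) {
    throw new Error('challenge names a different site');
  }
  return nodeCrypto.sign(null, Buffer.from(message), privateKey);
}

// Site: accept a signature once, only for a live challenge it issued for that key.
function verifyLogin(nonce, signature, now = Date.now()) {
  const entry = pending.get(nonce);
  pending.delete(nonce);                            // single use, even on failure
  if (!entry || now > entry.expires) return false;  // unknown, replayed or stale
  return nodeCrypto.verify(null, Buffer.from(entry.message), entry.pubKeyPem, signature);
}

// Constructed run: one honest login plus the cases the checks are there to reject.
function demo() {
  const newKey = () => nodeCrypto.generateKeyPairSync('ed25519');
  const user = newKey(), other = newKey();
  const pem = user.publicKey.export({ type: 'spki', format: 'pem' });
  const c1 = issueChallenge(pem);
  const sig1 = walletSign(c1.message, SITE_DOMAIN, user.privateKey);
  const first = verifyLogin(c1.nonce, sig1);
  const replay = verifyLogin(c1.nonce, sig1);
  const c2 = issueChallenge(pem);
  const wrongKey = verifyLogin(c2.nonce, walletSign(c2.message, SITE_DOMAIN, other.privateKey));
  const c3 = issueChallenge(pem, 0);
  const sig3 = walletSign(c3.message, SITE_DOMAIN, user.privateKey);
  const expired = verifyLogin(c3.nonce, sig3, CHALLENGE_TTL_MS + 1);
  let lookalikeRefused = false;
  try { walletSign('mail.examp1e wants you to sign in\nnonce: 00', SITE_DOMAIN, user.privateKey); }
  catch (e) { lookalikeRefused = true; }
  return { first, replay, wrongKey, expired, lookalikeRefused };
}
console.log(demo());
```

The signature only proves control of the key for that one message, so the nonce, expiry and site name in the message are what stop a captured signature from being reused or collected by a look-alike site.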
I personally do not see a benefit to outsourcing approval of login through an API. That sounds like a recipe for single-point-of-failure to me. As well, it's long established in the cryptographic community that:
encryption is not authentication
...even when done as a mutual exchange as is the common practice among bitcoin wallets. I have to imagine that the very high number of compromised wallets may have something to do with this fact. At the very least, it's worth noting, cautiously.
While this is a good suggestion, I would not feel comfortable using Proton should they begin allowing third-party authentication.
I suppose the alternative is SquirrelMail and my own GPG keys, which would probably be what I do if it were not for ProtonMail.
I strongly agree. Yubikey-like methods sound good to me, too, but having the same system as cryptocurrencies use sounds more immediately scalable due to the higher perceived popularity of crypto, blockchain and co.
I like, too, how you are polite and sensible, RogerThat. Protonmail is still a very small team compared to the success they enjoy and are surely not getting paid well like other tech giants' workers.
Plus, I am sure they have thought of Yubikey anyways themselves, and, if not, have certainly taken the spam-like amount of comments on Yubikey stuff seriously into account.
They know what they are doing, I believe. And they are transparent enough for me, personally.
Sounds good. So does Yubikey.