I think it would be great if the wallet-connect protocol (or perhaps the web3 provider) could support users with correlating a dApp to accounts. I think it is good digital hygiene to use different dApps with different keys - especially as there is still a lot of privacy infrastructure missing on ethereum or it is just still to expensive to use.
But UX wise this can be hard - 2 ideas to help here:
when the dApp is querying for the account
add ability give a hint what account was used last
save what account was used last with a certain dApp on the wallet side. I think for this we would need something like a dApp-id as the name might not be stable enough over time
By “account” I am assuming you mean Ethereum address. I use login / identity / wallet. An Ethereum address can represent all three, and mostly does today.
Some wallets might generate a new address per login per dapp.
On the user side, email address and one time login link for length of session is the most usable way to access. No passwords. Up to user to generate multiple emails for multiple dapp identity.
For malicious dapps this can still allow for correlation, but makes pure on chain correlation harder.
I think we need some consistent flow diagrams to help talk about this.
This is going to take me some time and I’m traveling. We definitely don’t agree on all terminology
Thank you for the account / address disambiguation — I have struggled with that in the past.
Additionally there is the concept of a dapp account — which MAY use an account to login or MAY use a completely separate kind of login.
There is more than one kind of login to both dapps and wallet apps. eg every time I open The Status wallet & Chat app I need to enter a password. That is a login (perhaps native app login to differ from dapp login).
Every time I open Trust Wallet on iOS I need to enter TouchID. That is technically an authentication — my “login” of the wallet app is cached and tied to my mobile device.
Let’s move this to the wiki for these different words and a glossary / definitions.
I disagree here - TouchID/Fingerprints are no authentication as you leave your fingerprint everywhere. Fingerprints should only be used as id/user_identifier/login_name not as authentification - you should watch some talks by starbug on this topic …
I think it is not really a form of authenication - and after reading up on Authentication - Wikipedia - I think identification is the right word for it.
yea - this is really an ugly antipattern - really hope @jarradhope and his team fix this at some point. Would prevent me from really using the app more than just for testing things. But there is WallETH that does not have this antipattern SCNR
yea unfortunately cruel world - hope we can fix this mess at some point …
cruel world - hope we can fix this mess at some point …
we are also discussing those things in here