đ đČđĂ„đșĂ„đđž
Metamask allows you to access your public key and private key in the browser with the help of an extension. It thus enables you to connect to decentralized apps with your Ethereum
Last updated
Metamask allows you to access your public key and private key in the browser with the help of an extension. It thus enables you to connect to decentralized apps with your Ethereum
Last updated
Skiff now supports MetaMask Login sign up. No email required
Skiff x MetamaskSkiff is thrilled to announce the release of a new option to log into Skiff with a MetaMask wallet. Tens of millions of individuals already browse the internet with an Ethereum address as a primary form of identity. Now, Skiff has joined the ecosystem of forward-looking services that offer them seamless access.This integration is technically groundbreaking (see more below) and provides all Ethereum wallet-holders access to privacy-respecting, end-to-end encrypted, and decentralized collaboration. Internally, Skiff already functions a lot like a crypto wallet - safeguarding keypairs and other sensitive information for your documents, identity, and team. Weâve written about this in past blogs on decentralized collaboration and in our technical whitepaper. Using similar functionality in the MetaMask wallet (such as eth_decrypt), weâre able to automatically create a Skiff account directly from a userâs wallet.How to log into Skiff with MetaMaskIf you have the MetaMask browser extension, youâll now see an option to âLogin via MetaMaskâ on the app.skiff.org login page. If you donât have the MetaMask extension, this button remains invisible.Once you click âlogin via MetaMask,â youâll immediately be prompted to sign a login token - an attestation that you own your Ethereum wallet. You will first have to authenticate with your MetaMask wallet using a password.As the final step, youâll then be asked for your encryption public key, which is used to secure your Skiff login token and password. From there, the normal Skiff login process begins - choosing a theme (light or dark mode), setting a display name, and enabling account recovery. For your collaboratorsâ sake, we highly encourage setting up a display name!Thatâs it! Youâll then have access to writing, collaboration, and sharing â all with your Ethereum wallet address.
Now that weâve covered the wallet-based login process, letâs dive into how it works behind the scenes!First time logging inFirst off, if you have the Metamask extension installed, you will see the option to log in with your wallet. If you donât, youâll see the familiar email-password login.When you connect to Skiff with a new Ethereum wallet, the first thing we ask you to do is to verify that itâs actually you. To do this, we generate a challenge message with your wallet address and a random string for you to digitally sign, all done through Metamaskâs interface. We call this challenge message skiffLoginToken, which you can see in the Metamask prompt. This challenge-response authentication model prevents man-in-the-middle attacks and other impersonation strategies that could compromise your informationâs security.After verifying that this digital signature is valid, we can rest assured that youâre not being impersonated. At this point, Skiffâs end-to-end encryption model relies on private / public keypairs that are subsequently encrypted with your password, which is never stored or sent over any network. But since the whole point of logging in with our wallet was to eliminate site-specific passwords, we wonât ask you to create and remember a password. Instead, we randomly generate a password, ask you to encrypt it with your public key using the Metamask API, and then store the encrypted result (which can be decrypted with your MetaMask wallet) for future reference. Your unencrypted password never leaves your browser (so we canât ever see it!) and only you hold the keys to unlock your encrypted password.Thatâs it! Using only your Metamask wallet, youâre securely logged in and ready to start securely collaborating on Skiff!Subsequent loginsWhen logging in with an Ethereum wallet that youâve used before, the process looks a little different. To start, we will still ask you to verify your identity with the same challenge-response authentication. Next, youâll retrieve your password so you can generate your private and public keys for accessing all your end-to-end encrypted data on Skiff. We query your encrypted password in our database and then you decrypt it with the help of the Metamask API. As with Skiffâs email-password login process, your plaintext password never leaves the browser, ensuring that everything you do on Skiff remains truly private.The future of online identityThe email address has been the internetâs default login credential for so long that itâs easy to lose sight of alternative (and often superior) approaches. With the emergence of Web3 and the continued decentralization of the internet, new forms of identity â such as an Ethereum wallet address or a unique encryption keypair â are already proving their advantages to both user autonomy and privacy.Metamask logins are only a first step. Skiff is already developing new features to ensure that private, decentralized collaboration remains seamlessly accessible to as many people as possible, regardless of how they choose to access it.