Personas: Logins for the Web3 Era | The Radix Blog | Radix DLT

One of the crucial forms of identity needed for Web3 is a way for users to easily and securely log in to Web3 websites and apps.

Existing solutions are either not flexible enough for Web3, confusing and risky for users, or inherently centralized. That’s why the Radix Network and Radix Wallet provide a purpose-built solution that is designed to be the new user login for the Web3 era.

It’s called Personas.

The Need for a Better Login for Web3

It’s easy to forget now that the idea of “logging in” to a website was once a new idea. Without a login to identify different users, early “Web 1.0” websites were essentially read-only and provided no personalization of experience.

The Web2 era of highly personalized 2-way communication and retail experiences was enabled by the user login, and the standard method to log in that the world settled on was an email address and password. That approach provided a base level of identification (via the email) and security (via the password).

Years later, we’ve started to realize that logging in with email and password is annoying for users and not fully secure. The problems are many, such as:

  • With so many websites to log in to, people use bad passwords that are easily hacked
  • People still often lose passwords, requiring email-based recovery that is often not very secure
  • Creating and typing in passwords that meet different requirements on different websites sucks
  • Users who want anonymity and multiple logins have to create and manage multiple email addresses

Not only that, email and password are a poor form of identity for Web3, where websites need to interact with accounts and assets owned by the user. When you log in to a Web2 app, you choose who you want to be on that app (today with an email and password). But when you log in to a Web3 app, you want to choose both who you want to be, and what assets you want to bring with you for use on that app.

This means that the right login for Web3 lets me both identify myself and also seamlessly share some of my blockchain accounts, according to my own preferences for a given dApp. Ideally it would even let me choose to share personal data about myself for dApps that might need something like a name or phone number.

This combination of identification and sharing of blockchain-enabled accounts and assets is arguably the fundamental thing that separates Web3 from Web2, so it’s kind of shocking that the user experience in Web3 and DeFi does it so poorly.

The Problem with Today’s New Login Solutions

Proposed Web2 Solutions

Before looking at the problems with existing Web3 login concepts, it’s worth briefly looking at the attempts to solve just the problems with Web2 logins.

Google, Apple, Microsoft and others have been trying to replace the email and password with something more user-friendly and secure for years. Just in the last year has that work finally resulted in Passkeys, a system that lets users log in without a password using their phone, and to recover access to their logins if they lose that phone.

Unfortunately, the Passkeys system has two big problems.

One, it is inherently centralized. To login using the Passkeys system, the phone holds a bit of data called a “private key” that lets it prove the identity of its holder (more on this later). However, if you lose the phone, you lose the private key. What to do? Passkeys backs up your private key to a cloud service like iCloud or Gdrive, meaning that you’re entrusting those companies with all of your Passkeys logins everywhere. You can technically backup your Passkeys yourself privately, but this requires both know-how and a lot of care to do safely and consistently, with huge risk if you do it wrong.

Two, it’s not designed for Web3. When you connect to a DEX or an NFT trading platform or a Web3 game, you always want to connect your accounts and assets to those applications so you can use them there – that’s the whole point of Web3. Passkeys doesn’t know anything about blockchain accounts, and so even if a Web3 dApp were to use it for logins, its users would still have to separately connect their wallet. That can’t be the model of the future – you want to drop into Web3 apps, with all of the assets you want to bring with you, in a single step with a single system.

Proposed Web3 Solutions

Moving over to the Web3 world, you’ll find a different style of solution like Sign in With Ethereum which uses your crypto wallet itself to login. Using your wallet app to login is a good goal for Web3, but the way of doing it today leaves a lot to be desired.

The assumption of all of these existing systems is essentially you are your account. If you “sign in with Ethereum”, what you’re doing is identifying yourself by an account address, and your wallet proves you own that address. This does provide a password-free login, and lets you login and connect an account in one step. But doing it this way has many shortcomings:

  • Want to use separate logins to different dApps? You’ll have to create different accounts, fragmenting where you store your assets.
  • Want to change the account you’re using with a dApp? You’re treated as a different user.
  • Want to use multiple accounts with a dApp and switch between them at will? Can’t do that.

That doesn’t sound like the mature future of the Web3 login.

Plus, this model for logins has all of the same user experience problems that accounts have on these networks. You have to carefully protect a single seed phrase that forever controls that account/login. Lose that seed phrase? You’re out of luck. There are some efforts to mitigate some of this single-seed-phrase problem with extra layers that provide pseudo-multi-factor control, but under the hood, they all still have a single seed phrase, and the result is still you are your account.

We need a system that lets you separate identity from ownership within a unified user experience – letting you choose who you want to be, and what you want to bring with you when you log in.

The Radix Solution

The right login solution for Web3 has some important requirements:

  1. You can choose how you want to identify yourself to a dApp
  2. You can choose what accounts to share with a dApp, separate from your login, in one step
  3. No password required, no seed phrase required
  4. You can easily recover access to your logins after losing a device
  5. No entrusting the security of your logins to a centralized entity

This is exactly what Personas provide on Radix. Here’s how.

Personas and Sharing with dApps

Requirements #1 and 2 are extremely important, enabling the concept of you choose who you are and what you bring with you for each Web3 dApp you connect to. You are not just your account – but you do usually want to share some of your accounts (and maybe more) with a dApp.

So first and foremost, a Persona is something you create in your wallet just for logging in, totally separate from your Accounts. Personas exist to let you identify yourself to a dApp uniquely, without having to resort to something like an email address, and to let you make your own choices about anonymity.

The Radix Wallet lets you create as many Personas as you want with a tap, and start using them wherever you like. Maybe you want to have one Persona for trading dApps and another for social media dApps to create some anonymity between those activities. Maybe you’d like to create a separate Persona for every dApp, to create a total separation of “who you are”. Or maybe you’d like to use more than one Persona with a dApp depending on what you’re doing – like having a Work Persona and a Home Persona – so that you can have different preferences and different sets of information you share in those different contexts.

Personas let you choose who you want to be. But what about “what you want to bring with you”?

The Radix Wallet makes this easy – letting dApps request what they would like the user to share, and keeping track of sharing automatically.

To login to a dApp on Radix, you’ll use a √ Connect button to fire off a login request to the wallet on your phone. You’ll choose a Persona to log in with, like this:

The Radix Wallet keeps track of the Persona you use to log in to that particular dApp. Or if you want to use different Personas at different times, it will keep track of that too.

The dApp you’ve logged into can make specific requests to your wallet. The most common is to request one or more Accounts to use with the dApp. Some dApps may only need a single Account, but some may let you share multiple (perhaps allowing you to switch between them in the dApp’s own user interface). The dApp tells the wallet how many Accounts it needs, and you’ll get a pop-up in your wallet to choose which Accounts you want to share. In fact that request might be made by the dApp right at the same time as the login – or later on in your session.

A dApp can also choose if it wants to request ongoing access to your preferred list of Accounts – basically if it wants a list of Accounts from your wallet every time you log in rather than just one time. If you give permission for that sharing, the Radix Wallet will automatically share your preferred list of Accounts (for that dApp, using that Persona) whenever you log in. And you’ll see your ongoing shares in the Radix Connect button’s menu, like this:

dApps can also request pieces of common personal data, like a name, email address, or phone number. You can associate different personal information with each one of your Personas, allowing you to have fully separate identities. (None of your personal data is stored on the network; it’s always safely stored off-ledger in your wallet.) Similar to Account sharing, the wallet can automate providing that data to dApps. That means that dApps can always have up-to-date information for you, and you don’t have to type that info into 1000 different web forms on different websites. In fact they may not need to store your personal data at all, instead just relying on getting it from your wallet on-demand when needed.

To make this possible, the Radix Wallet separately keeps track of three things:

  • The user’s Personas
  • The user’s Accounts
  • The dApps the user has logged into, and what they have given permission to share

The Radix Wallet will keep track of your sharing for each dApp separately – and also will keep track of what you want to share for each Persona you’ve used there. For example in the diagram above, this user likes logging in to CollaboFi with two different Personas – and for each Persona they like to share different accounts. They also use one of those Personas with SuperDEX, but on that dApp they choose to share different accounts than they do on CollaboFi.

In short, this means that the Radix Wallet remembers:

  • Who you like to be on a given dApp (the Personas you’ve used there)
  • What you want to share with a given dApp (Accounts and personal data you’ve shared as that Persona)

This gives you total flexibility and control as a user, without forcing you to remember your login or sharing preferences for every dApp you use.

Persona Security and Recovery

Requirements #3-5 have to do with ensuring that using Personas to log in is easy, secure, and recoverable. Let’s dig into how Personas work under the hood to make that possible.

Those three requirements actually have a lot in common with the sorts of things your want for control of Accounts, and led to the creation of Radix’s multi-factor Smart Accounts, providing a much more mainstream-ready account control experience than using accounts on other networks, or even band-aid multi-factor concepts like EIP-4337. No single seed phrase is required, and you can recover access using familiar multi-factor flows without resorting to centralization.

Behind the scenes, Personas use some of the same Radix Network capabilities as Smart Accounts, which you’ll see in a moment.

How can you log in with a Persona securely without a password? It involves a little bit of clever cryptography. But the essential bit is this:

Every Persona you create in the Radix Wallet automatically claims a unique address on the Radix Network. That address corresponds to a special component (smart contract) called an “Identity”. An Identity is basically just like an Account component, but it doesn’t hold tokens. When you choose a Persona to log in to a dApp, the Radix Wallet provides the corresponding Identity address to the dApp. Think of it like a unique User ID. The Radix Wallet also produces a little cryptographic package that proves to the dApp, without a doubt, that it is in fact the owner of that Identity. The dApp can easily check that proof, and if it’s good, you’re logged in – instantly, without a password.

No transaction is required on the Radix Network, but the dApp will be checking the Identity on the Radix Network to verify the login.

(A bonus note on tech: verification by the dApp is done with a bit of code called ROLA – Radix off-ledger authentication. Not only does ROLA make it easy to verify Persona logins, but also to verify that a user is truly the owner of Accounts that are shared with the dApp. How that’s possible will make more sense after you read the next part of the article.)

This method of logging in with a Persona has a little bit of similarity to the Passkeys system mentioned earlier that Google, Apple, and Microsoft spent many years on (with a crucial difference). In Passkeys, rather than using a password, the phone keeps a secret key that it can use to prove an identity to a website. But as mentioned before, the problem with Passkeys is that the key used to create that little cryptographic proof has to be stored on a centralized cloud service so that you can recover access if you lose your phone.

That’s where Personas are different, because they can use the Radix Network.

Smart Account components use on-ledger multi-factor to let you recover access even if you lose your phone (or any other single factor you choose). The logic is all implemented on the Radix Network itself to use additional recovery factors to prove who you are (see the blog above about Smart Accounts for more).

Because Identities are also components, exactly the same solution can be used. The key needed to login with a Persona might be exclusively on your phone (not a cloud service), but if you lose your phone, the Radix Wallet will let you use the Radix Network’s multi-factor recovery features to get access to that login again. No centralized trust required.

This is a significant departure from what’s possible on Ethereum or other L-1s. Metamask can use the key it holds to sign a special message that proves that it controls an account (if you accept the “you are your account” model). But there is absolutely no possibility of changing the key if you lose it. As with accounts, their only option is to adopt add-on systems to protect that key (often using a centralized party) or highly convoluted protocol add-ons like EIP-4337.

(The multi-factor capability described here is all functional on the Radix Network. While the Radix Wallet already supports Persona-based logins, a future update will enable use of Radix’s multi-factor features in the wallet UI to recover Personas.)

What do Personas mean for dApp developers?

The short answer is that you can think of a Persona as simply a unique user ID. That ID takes the form of the Identity component address associated with the Persona, which you’ll get from the user’s Radix Wallet at the start of a session with your app frontend.

RDT (Radix dApp Toolkit) integrates into your frontend and will handle all of the common mechanics of asking users to login with their Persona, making Account or data sharing requests to their wallet, and even session management – all packaged with a handy little √ Connect button and menu that gives users a consistent and friendly user experience with your dApp. Read more about how RDT works here before diving into the tech docs.

If you have no need for a unique user ID in your system, that’s fine, you can just ignore it. It is, however, still useful to your users to login with their Persona at the start of a session because it will let their wallet save their sharing preferences for your dApp, making for a better user experience.

If you have a “full stack” dApp with a traditional backend, then you’ll almost certainly need a unique user ID for each user’s entry in your database. Traditionally you’d generate an ID yourself and associate the user’s email address and password with it. With Personas, just use the Identity address as the user ID; it won’t ever change for that user, even if they have to “recover” access to it due to losing a phone. (You never have to think about any of the multi-factor recovery features; it’s all handled by the Radix Wallet and Network.)

Also for full-stack dApps, you’ll want to verify the login, and that’s where ROLA (Radix off-ledger authentication) comes in. ROLA is just a bit of code you run in your backend for Radix-style verification. Rather than saving and checking a user-provided password, you’ll use ROLA to do a quick verification check in your backend system and can then consider the user logged in. In short, if you ask a user’s Radix Wallet for a login with proof, the wallet will automatically generate a cryptographic challenge response; ROLA then does a quick check of that response against the user’s on-ledger Identity and you’ll have a go/no-go answer on whether the user does indeed control that Identity.

In fact, you can also use ROLA to verify proof of Account ownership. When your frontend asks a Radix Wallet for an Account (or a list of them), as with Personas, it can specify that it wants proof. And once again, the wallet will provide a challenge response that ROLA can check on-ledger and give you a go/no-go.

What if you need to identify the user on-Ledger, perhaps so you know where to send them tokens? You’ll want to use badges for that, rather than Personas. Personas are purely an off-ledger concept (other than the Identity component used only for the unique ID and recovery) – on purpose. To truly give users control of their sharing, there shouldn’t be on-ledger links between who they are and what they own that anybody can examine. Using badges specifically for your application lets users authorize to your on-ledger components without breaking that anonymity, and they still provide a nice user experience in the Radix Wallet.

Conclusion

Before it can go mainstream, Web3 needs a truly Web3-native way of logging in to dApps that solves the problems of Web2 logins and adds the ability to share your digital assets and data however you want. Radix has ensured that the full-stack design of the Radix network itself includes the tech needed to finally make that possible – the Persona system, including Identity components, ROLA proof, and on-ledger multi-factor. That means the Radix Wallet can rely deeply on Personas to let you easily log in anywhere in a way that is tightly integrated with an great overall DeFi user experience.