The Aptos blockchain has recently introduced a web-based keyless wallet application called “Aptos Connect.” The wallet uses ZK-proofs to authenticate users and lets them connect to decentralized applications (dApps) with their Google login, without the need for hardware security modules, passkeys, or a multiparty computation network.
The main goal of Aptos Connect is to simplify Web3 onboarding by letting users create and manage their Aptos blockchain accounts with one click using their Google login. This removes the need for users to manage private keys and keeps the experience within the developer’s app. The OpenID Connect (OIDC) standard and zero-knowledge proofs are used to link social logins to blockchain accounts.
Although logging in with a Google or Apple ID is not entirely new in the crypto world, Aptos Connect offers the same convenience as other wallet protocols without requiring users to follow an email link, enter a passkey, or rely on a multiparty computation network. Instead, users click the “Continue with Google” button and select their Google Account to log into their wallet. Aptos plans to integrate Apple ID in the near future as an alternative for users who prefer not to use Google.
The development of the Aptos Connect app was made possible through Aptos Improvement Protocol 61 (AIP-61), which enables transactions to be authorized using JSON Web Tokens (JWTs) from popular login providers such as Google, Facebook, and Apple. ZK-proofs are utilized to protect the user’s identity and login provider, thus ensuring that the Google ID associated with an Aptos account remains confidential.
Aptos believes that the new wallet may attract a new generation of crypto users. However, the security of funds in Aptos Connect relies entirely on the user’s Google account. If a user’s Google account is compromised, there is a risk of losing their cryptocurrency. Aptos cautions users about this potential vulnerability and reminds them that all keyless accounts associated with a compromised OIDC account will be at risk.
Despite this risk, Aptos acknowledges that some users may be comfortable with it, as many software applications currently rely on Web2 login providers. This reflects a growing trend in the Web3 industry, where there is increasing focus on developing user-friendly wallets. For example, Coinbase recently introduced its smart wallet application, which allows users to create a new wallet using a Windows Hello passkey. Additionally, Eco launched its own product called “Beam Wallet” in July 2023.
As the Web3 industry continues to evolve, it is evident that there is a strong emphasis on creating wallets that are accessible and convenient for everyday users. However, it is important to consider the potential risks associated with relying solely on login providers for security.