
Today’s authentication systems are moving away from traditional password-oriented solutions. An example would be biometric authentication using a fingerprint. Due to a fingerprint’s uniqueness you can be sure that the person authenticating themselves is who they say they are.

A fingerprint’s uniqueness has parallels to wallet seeds in cryptocurrency. When you create a wallet for receiving cryptocurrency you generate a seed in a secure manner. If generated correctly and depending on the size of the seed, it is almost guaranteed that this exact seed will never be generated again. So for all intents and purposes it is unique.

If a wallet seed is kept secure then any activity observed from the wallet can be deemed to be from the person who generated its seed. If they have funds in their wallet they have a huge incentive to keep the seed secure.

As a wallet seed is unique it can be used as a substitute for a username / password combination in a traditional authentication system. To avoid exposing the wallet seed during the authentication process, you can instead send some funds from the wallet to prove you own it.

A website can receive these funds and create a linked account for you. Any future activity observed from the wallet can be used to access the newly-created linked account.

Which cryptocurrency should be used?

For authentication purposes a cryptocurrency should be evaluated under two categories: speed and cost.

Speed

When a user authenticates themselves on a website they expect it to be reasonably fast. If it takes longer than 5 seconds it’s bad UX and the user will end up frustrated. Therefore we cannot use cryptocurrencies with a long transaction confirmation time. These include, most notably, Bitcoin.

Cost

Paying for authentication is something that is completely foreign to website users, if not totally unacceptable. However in our example sending some funds is necessary to prove ownership of the wallet seed. If we can refund the funds then it may not be an issue. However the majority of cryptocurrencies have fees associated with any activity on the network. Therefore the ideal cryptocurrency for authentication should be fee-less to transact with.

Nano makes it possible

Taking into account speed and cost as our two deciding factors, the only choice that makes sense to use currently is the digital currency Nano.

Speed

Nano is extremely fast. Recent figures put the median transaction confirmation time at 0.2 seconds [1]. This is more than adequate for authentication purposes.

Cost

Nano is fee-less to transact with. Therefore offering refunds after authentication would return the exact amount of funds the user sent initially and would not leave them out of pocket.

Explaining the demo

As a proof-of-concept I’ve implemented a demo of this authentication system using Nano, available at https://nanocharts.info/passwordless/. It allows you to register and sign in to an account. This is accomplished 100% with Nano; no usernames or passwords are necessary.

‘Register with Nano’ and ‘Sign In with Nano’ buttons.

How it works

To register or sign in you must first specify your Nano address. You will then be asked to send a random amount of Nano between 0.000001 and 0.000099 NANO to one of a special range of Nano addresses designated for authentication purposes. The random amount is required as a security measure (see section “Attack vector — Squatting”).

The authentication system will listen on the network for a send transaction containing your Nano address and the random amount of Nano specified. If it finds this transaction, this proves that you are in control of the Nano address. If this is a registration attempt then a linked account is created. If this is a sign-in attempt you will be signed in to the linked account. The Nano amount sent is automatically refunded if it exactly matches the amount of Nano requested.
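The challenge-and-match step described above, as an added sketch that is not the demo's own code: it issues a random amount for an address, then accepts a confirmed send only if sender, destination and amount all match a pending, unexpired challenge, and consumes the challenge so the same block cannot be reused. The block field names, the single authentication address, the 0.000001 NANO step, the 120-second lifetime and the placeholder addresses are assumptions.

```python
import secrets
import time

RAW_PER_NANO = 10**30              # 1 NANO = 10^30 raw, Nano's smallest unit
STEP_RAW = RAW_PER_NANO // 10**6   # 0.000001 NANO; the step size is an assumption
TTL_SECONDS = 120                  # challenge lifetime; an assumption


class ChallengeStore:
    """Pending challenges keyed by (sender, destination, amount in raw)."""

    def __init__(self, auth_address):
        self.auth_address = auth_address
        self.pending = {}          # key -> expiry timestamp

    def issue(self, user_address, now=None):
        """Pick a random amount from 0.000001 to 0.000099 NANO for this address."""
        now = time.time() if now is None else now
        amount_raw = (1 + secrets.randbelow(99)) * STEP_RAW
        self.pending[(user_address, self.auth_address, amount_raw)] = now + TTL_SECONDS
        return amount_raw

    def match(self, block, now=None):
        """Check one confirmed block; return (authenticated, refund_raw)."""
        now = time.time() if now is None else now
        if block["subtype"] != "send":
            return (False, 0)
        amount_raw = int(block["amount_raw"])   # integers only, so the match is exact
        key = (block["sender"], block["destination"], amount_raw)
        expires = self.pending.pop(key, None)   # pop makes each challenge single-use
        if expires is None or now > expires:
            return (False, 0)
        return (True, amount_raw)               # exact match: refund the full amount


if __name__ == "__main__":
    # Constructed sample: placeholder addresses, not real Nano accounts.
    store = ChallengeStore("nano_auth_placeholder")
    amount = store.issue("nano_user_placeholder")
    send = {"subtype": "send", "sender": "nano_user_placeholder",
            "destination": "nano_auth_placeholder", "amount_raw": str(amount)}
    print(store.match(dict(send, amount_raw=str(amount + 1))))  # wrong amount
    print(store.match(send))                                    # matches
    print(store.match(send))                                    # replayed block
```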

You can see an entire flowchart of the authentication process below.