Open-source LiquidAuth can decentralize any authentication communications, reducing risk for web3 and web2 users
BARCELONA, Spain, June 26, 2024 /PRNewswire/ -- The Algorand Foundation, a nonprofit on a mission to power a world where information has integrity and innovative ideas can scale, has created a new implementation for decentralized authentication and communication called LiquidAuth. An open-source solution for authenticated peer-to-peer communication between wallets and apps/dApps, LiquidAuth uses established standards and protocols to resolve one of the crypto industry's most significant threats: overreliance on the centralized wallet communication provider WalletConnect.
While it emerged in response to the centralization vulnerability of WalletConnect, LiquidAuth can be deployed in any other traditional web applications (including identity and authentication) for more secure and private authentication.
LiquidAuth was developed to offer an open-source, free-to-use, chain-agnostic, highly secure alternative to the centralized provider WalletConnect. WalletConnect is a permissioned solution nearly every crypto wallet provider uses to connect to dApps. As a centralized provider, it represents a single point of failure; as a protocol, its failure would affect millions of wallets and users. The goal of developing LiquidAuth and releasing it to the web3 community was threefold:
- Help adopt open, already established standards for authenticated communications for web3 users. WalletConnect does not provide authenticated communication between wallets and apps, which is a severe security and data vulnerability.
- Provide an open-source solution for developers. WalletConnect is not open-source. Not only must apps be white-listed to use it, but developers must also seek permission from the company to build on it or add functionalities.
- Reduce the threat of censorship. WalletConnect has the capacity to ban IP addresses and entire companies/blockchains from using its services, and its position could allow it to control the flow of information.
- Keep web3 decentralized - preserving its most important element by removing our reliance on centralized components for critical data flows, keeping critical infrastructure accessible to all.
"For decentralized models to become the norm, the industry must insist on higher standards for the security and openness of critical infrastructure. We developed LiquidAuth to bring these standards to the ecosystem, and we will continue to dedicate significant resources to helping blockchains, wallet providers, and web3 developers integrate them," said John Woods, CTO of the Algorand Foundation. "An open and decentralized standard like LiquidAuth will improve security across web2 and web3. It reduces the reliance on third parties for ease of login, such as through email or social accounts, and further decentralizes the communications layer between applications, users, and services."
"The centralization of critical infrastructure is an unacceptable security risk," he added. "To have truly robust and accessible digital identity, digital ownership, and digital privacy, we need open standards and protocols."
Commitment to Security
LiquidAuth reflects the Algorand Foundation's ongoing commitment to upholding the best practices of decentralization across web3. They are an associate sponsor of the Open Wallet Foundation, which seeks to build more tools and standards for interoperable wallets. Earlier this year, the Foundation also co-announced the DeRec Alliance, which seeks to offer a free, open-source, industry-standard methodology that makes digital asset recovery easier and more secure for all users.
Benefits of LiquidAuth
Digital assets (including personal data) make online accounts and wallets a frequent target of attacks. Ways to mitigate this risk include using a password manager, adopting two-factor authentication, adding physical security keys, and using passwordless logins. However, in web3 and web2, the process by which this information is communicated between accounts and apps/services/dApps is not always secure or private. Where the communication is not secure, it can be exploited to gain access to the account; where communication is not private, user data and information can be accessed. LiquidAuth is an open-source, free-to-use, secure standard for better authentication communications.
- It is context and chain-agnostic. It can be used in any web2 or web3 application (for example, Logging in with a wallet instead of with Gmail or a social media account). It is interoperable with other web3 technologies and standards.
- Its decentralized, secure design reduces the attack surface. LiquidAuth does not require a central server to relay messages between wallets and apps. It uses open standards such as FIDO2 / Passkeys for authentication and does not store any user data.
- LiquidAuth is an open-source project that is free to use and modify. It is licensed under AGPL.
To understand the scale of WalletConnect's security vulnerability, view the number of wallets relying on its centralized service here.
About Algorand Foundation
Algorand's mission is to power a world where information has integrity and innovative ideas can scale. The Algorand Foundation supports Algorand's rapidly growing ecosystem by providing a best-in-class developer environment, supporting key infrastructure and setting technical standards, offering comprehensive support to builders and entrepreneurs, and providing the framework for decentralized governance.
Founded by Turing Award-winning cryptographer Silvio Micali in 2019, Algorand has grown into a vibrant ecosystem of developers, entrepreneurs, and enterprise partners that benefit from institutional-grade certainty and resilience. Its fees, instant finality, and a minimal carbon footprint appeal to the protocol's millions of retail users, and developers of all kinds appreciate the ability to use common programming languages like Python. Builders on Algorand are creating protocols and companies that solve important problems at a global scale: instant payments in war and disaster zones, self-sovereign identity for the disenfranchised, supply-chain traceability for global commerce, permissionless protocols addressing financial inclusion, and the creation of entirely new markets through tokenization, to name a few. To learn more and start your journey on Algorand, visit algorand.foundation.
SOURCE Algorand Foundation
WANT YOUR COMPANY'S NEWS FEATURED ON PRNEWSWIRE.COM?
Newsrooms &
Influencers
Digital Media
Outlets
Journalists
Opted In
Share this article