One of the most critical aspects of standardizing Sign-In with Ethereum is allowing wallets to interpret messages for better UX and increased safety when users sign into apps and services.
We're now happy to announce a significant step forward in Sign-In with Ethereum adoption with a direct integration into MetaMask.
Previously, when users were prompted to sign a SIWE message, they were given a human-readable message to sign, as composed by the app's developers. This included things such as:
- The intent of the user (wanting to sign in)
- Additional statements (such as agreeing to a Terms of Service), and
- Other information, such as the domain where the user was and a nonce
However, until SIWE adoption became more prevalent, it was challenging to include additional UI/UX enhancements within the wallet layer to create an even better user interaction for signing in. When wallets expect a standardized message format for signing, they can build much better UX to create “Sign-In” experiences more closely aligned with what we expect in traditional web applications.
Now, when an app or service follows the Sign-In with Ethereum standard, MetaMask can parse that message and give the user a friendlier interface – prompting them to “Sign-In” rather than sign a message.
The required fields are still prominently displayed for the user, but the intent has now been clarified: this is a "Sign-In request."
The intention of the message, and the action the user is taking, are made much more evident. This is a leap forward for user safety in Web3, where users could previously be easily confused about whether they were signing into a service versus authorizing a malicious actor to transfer assets out of their account. Now, in MetaMask, users can expect to see a “Sign-In” button and a user experience much more similar to what they would expect in a Web2 application.
Another prominent feature of this integration that improves user safety in Web3 is domain binding. Domain binding protects users from phishing attacks in which a site asks them to sign in, but the domain in the message doesn’t match the website they’re actually on. If this happens, the user is prompted with a warning and must explicitly choose to move ahead, accepting the risks of a potential phishing attack.
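The sketch below is an added example, not MetaMask's or Spruce's code: it parses the standardized SIWE (EIP-4361) message layout and applies a domain-binding check by comparing the message's domain with the origin of the requesting page. The function names, the sample message, and the `example.com` hosts are assumptions made for illustration.

```javascript
// Added example: simplified EIP-4361 (SIWE) parsing plus a domain-binding check.
// Not MetaMask's code; parseSiweMessage and checkDomainBinding are hypothetical names.
const HEADER =
  /^(?:[a-zA-Z][a-zA-Z0-9+.-]*:\/\/)?(\S+) wants you to sign in with your Ethereum account:$/;

function parseSiweMessage(message) {
  const lines = message.split("\n");
  const header = HEADER.exec(lines[0] || "");
  // No SIWE header or no address line: treat as an ordinary signature request.
  if (!header || !/^0x[0-9a-fA-F]{40}$/.test(lines[1] || "")) return null;
  // Layout: header, address, blank, optional statement, blank, then "Key: value" fields.
  const fields = {};
  for (const line of lines.slice(4)) {
    const m = /^([A-Za-z][A-Za-z ]*): (.*)$/.exec(line);
    if (m) fields[m[1]] = m[2];
  }
  const statement = lines[3] || null;
  return { domain: header[1], address: lines[1], statement, uri: fields["URI"], nonce: fields["Nonce"] };
}

// requestOrigin must come from the wallet's own view of the requesting tab,
// never from a value the page supplies.
function checkDomainBinding(message, requestOrigin) {
  const parsed = parseSiweMessage(message);
  if (!parsed) return { isSiwe: false, domainMatches: false, parsed: null };
  // URL.host keeps a non-default port, so "example.com:8080" must match exactly.
  const host = new URL(requestOrigin).host.toLowerCase();
  return { isSiwe: true, domainMatches: parsed.domain.toLowerCase() === host, parsed };
}

// Constructed sample message (placeholder address and nonce).
const SAMPLE = [
  "app.example.com wants you to sign in with your Ethereum account:",
  "0x" + "ab".repeat(20),
  "",
  "I accept the Terms of Service.",
  "",
  "URI: https://app.example.com/login",
  "Version: 1",
  "Chain ID: 1",
  "Nonce: 32891756",
  "Issued At: 2022-01-01T00:00:00.000Z",
].join("\n");

console.log(checkDomainBinding(SAMPLE, "https://app.example.com"));
console.log(checkDomainBinding(SAMPLE, "https://app-example.com.login.test"));
```

A wallet following this pattern would show the "Sign-In" view when `isSiwe` is true and add the phishing warning when `domainMatches` is false.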
These efforts to provide user-friendly security and safety enhancements across Web3 wallet experiences should increase the sense of confidence that users have interacting with dapps.
We look forward to working with additional wallet providers to continue offering user protections and benefits through Sign-In with Ethereum, and with developers in the space looking to integrate the standard.
For developers, we recently released SSX as the easiest way to get started with Sign-In with Ethereum and incorporate these newly improved signing-in experiences with MetaMask for end users. At Spruce, we will continue to make Sign-In with Ethereum as easy as possible to integrate and continue extending SIWE capabilities beyond authentication to enable users to control their identity and data across the web.
Through this collaboration with MetaMask to integrate Sign-In with Ethereum, we are happy to address some of the major concerns we repeatedly hear in Web3 - user safety and user experience - and look forward to future enhancements to come.