Open-source LiquidAuth can decentralize any
authentication communications, reducing risk for web3 and web2
users
BARCELONA,
Spain, June 26, 2024 /PRNewswire/ --
The Algorand Foundation, a nonprofit on a mission to power a
world where information has integrity and innovative ideas can
scale, has created a new implementation for decentralized
authentication and communication called LiquidAuth. An open-source
solution for authenticated peer-to-peer communication between
wallets and apps/dApps, LiquidAuth uses established
standards and protocols to resolve one of the crypto industry's
most significant threats: overreliance on the centralized wallet
communication provider WalletConnect.
While it emerged in response to the
centralization vulnerability of WalletConnect, LiquidAuth can be
deployed in any other traditional web applications (including
identity and authentication) for more secure and private
authentication.
LiquidAuth was developed to offer an open-source,
free-to-use, chain-agnostic, highly secure alternative to the
centralized provider WalletConnect. WalletConnect is a permissioned
solution nearly every crypto wallet provider uses to connect to
dApps. As a centralized provider, it represents a
single point of failure; as a protocol, its failure would affect
millions of wallets and users. The goal of developing LiquidAuth
and releasing it to the web3 community was threefold:
- Help adopt open, already established standards for
authenticated communications for web3 users. WalletConnect
does not provide authenticated communication between wallets and
apps, which is a severe security and data vulnerability.
- Provide an open-source solution for
developers. WalletConnect is not open-source. Not only must
apps be white-listed to use it, but developers must also seek
permission from the company to build on it or add
functionalities.
- Reduce the threat of censorship. WalletConnect has the
capacity to ban IP addresses and entire companies/blockchains from
using its services, and its position could allow it to control the
flow of information.
- Keep web3 decentralized - preserving its most important
element by removing our reliance on centralized components for
critical data flows, keeping critical infrastructure accessible to
all.
"For decentralized models to become the norm, the
industry must insist on higher standards for the security and
openness of critical infrastructure. We developed LiquidAuth to
bring these standards to the ecosystem, and we will continue to
dedicate significant resources to helping blockchains, wallet
providers, and web3 developers integrate them," said John Woods, CTO of the Algorand Foundation. "An
open and decentralized standard like LiquidAuth will improve
security across web2 and web3. It reduces the reliance on third
parties for ease of login, such as through email or social
accounts, and further decentralizes the communications layer
between applications, users, and services."
"The centralization of critical infrastructure is
an unacceptable security risk," he added. "To have truly robust and
accessible digital identity, digital ownership, and digital
privacy, we need open standards and protocols."
Commitment to Security
LiquidAuth
reflects the Algorand Foundation's ongoing commitment to upholding
the best practices of decentralization across web3. They are an
associate sponsor of the Open Wallet Foundation, which seeks to
build more tools and standards for interoperable wallets. Earlier
this year, the Foundation also co-announced the DeRec Alliance,
which seeks to offer a free, open-source, industry-standard
methodology that makes digital asset recovery easier and more
secure for all users.
Benefits of LiquidAuth
Digital assets
(including personal data) make online accounts and wallets a
frequent target of attacks. Ways to mitigate this risk include
using a password manager, adopting two-factor authentication,
adding physical security keys, and using passwordless logins.
However, in web3 and web2, the process by which this information is
communicated between accounts and apps/services/dApps
is not always secure or private. Where the communication is not
secure, it can be exploited to gain access to the account; where
communication is not private, user data and information can be
accessed. LiquidAuth is an open-source, free-to-use, secure
standard for better authentication communications.
- It is context and chain-agnostic. It can be used in any web2 or
web3 application (for example, Logging in with a wallet instead of
with Gmail or a social media account). It is interoperable
with other web3 technologies and standards.
- Its decentralized, secure design reduces the attack
surface. LiquidAuth does not require a central server to relay
messages between wallets and apps. It uses open standards such as
FIDO2 / Passkeys for authentication and does not store any user
data.
- LiquidAuth is an open-source project that is free to use and
modify. It is licensed under AGPL.
To understand the scale of WalletConnect's
security vulnerability, view the number of wallets relying on its
centralized service here.
About Algorand
Foundation
Algorand's mission is to power a world
where information has integrity and innovative ideas can scale. The
Algorand Foundation supports Algorand's rapidly growing ecosystem
by providing a best-in-class developer environment, supporting key
infrastructure and setting technical standards, offering
comprehensive support to builders and entrepreneurs, and providing
the framework for decentralized governance.
Founded by Turing Award-winning cryptographer
Silvio Micali in 2019, Algorand has
grown into a vibrant ecosystem of developers, entrepreneurs, and
enterprise partners that benefit from institutional-grade certainty
and resilience. Its fees, instant finality, and a minimal carbon
footprint appeal to the protocol's millions of retail users, and
developers of all kinds appreciate the ability to use common
programming languages like Python. Builders on Algorand are
creating protocols and companies that solve important problems at a
global scale: instant payments in war and disaster zones,
self-sovereign identity for the disenfranchised, supply-chain
traceability for global commerce, permissionless protocols
addressing financial inclusion, and the creation of entirely new
markets through tokenization, to name a few. To learn more and
start your journey on Algorand, visit algorand.foundation.
View original content to download
multimedia:https://www.prnewswire.com/news-releases/algorand-rolls-out-liquidauth-to-resolve-crypto-wide-security-flaw-centralized-wallet-communication-302182488.html
SOURCE Algorand Foundation