MetaMask adds EIP-4361 so users can securely log into websites with its crypto wallet
MetaMask now supports “Sign In with Ethereum,” a feature that enables people to use its crypto wallet to securely authenticate to web services.
The popular web3 wallet has implemented the EIP-4361 standard, which aims to provide a more standardized way for Ethereum account holders to authenticate themselves on off-chain services. The wallet project partnered with digital identity and data provider Spruce on this integration.
With EIP-4361 implemented, users of wallet projects like MetaMask can sign a message in a standard format to log in to websites. Supported websites will present users with a pop-up to review details, including the website name, session details and security mechanisms such as a nonce, and to verify the correct domain name to protect against unauthorized access from malicious sites. This offers a self-custodial alternative to centralized identity sign-ins, such as those tied to email addresses or phone numbers.
“This is part of our ongoing effort to make confirmations more legible to our community. Our implementation also offers a ‘domain binding’ feature, which detects signatures/approvals from malicious URLs,” MetaMask said in a tweet.
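The following JavaScript is an added example, not MetaMask's or Spruce's code and not part of the original article. It parses a sign-in message laid out as in the EIP-4361 specification and applies the domain and nonce checks described above. The sample message, the address and the hosts are constructed, and the function names are hypothetical.

```javascript
// Added example: parse an EIP-4361 sign-in message and apply domain and nonce
// checks. The message, address and origins used here are constructed samples.
const SAMPLE_MESSAGE = [
  "app.example wants you to sign in with your Ethereum account:",
  "0x0000000000000000000000000000000000000001",
  "",
  "Sign in to the example app.",
  "",
  "URI: https://app.example/login",
  "Version: 1",
  "Chain ID: 1",
  "Nonce: k3Jq9sLm2XyZ",
  "Issued At: 2023-01-01T00:00:00Z",
].join("\n");

// Split the message into its header domain, address and "Key: value" fields.
function parseSiweMessage(text) {
  const lines = text.split("\n");
  const header = /^(\S+) wants you to sign in with your Ethereum account:$/.exec(lines[0]);
  if (!header) throw new Error("not an EIP-4361 message");
  const fields = { domain: header[1], address: lines[1] };
  for (const line of lines.slice(2)) {
    const m = /^(URI|Version|Chain ID|Nonce|Issued At|Expiration Time): (.+)$/.exec(line);
    if (m) fields[m[1]] = m[2];
  }
  return fields;
}

// Return the reasons to reject a sign-in request (empty array = acceptable).
// requestOrigin: origin of the page asking for the signature. A wallet compares
//   against the requesting page; a server compares against its own origin.
// issuedNonces: Set of nonces the server handed out and has not yet consumed.
function checkSignInRequest(text, requestOrigin, issuedNonces) {
  const msg = parseSiweMessage(text);
  const problems = [];
  // Domain binding: the domain inside the signed text must be the requester's.
  if (msg.domain !== new URL(requestOrigin).host) problems.push("domain mismatch");
  if (msg.Version !== "1") problems.push("unsupported version");
  // The nonce must be well formed and single use, so a captured message
  // cannot be replayed to open a second session.
  if (!/^[a-zA-Z0-9]{8,}$/.test(msg.Nonce || "")) problems.push("malformed nonce");
  else if (!issuedNonces.delete(msg.Nonce)) problems.push("unknown or replayed nonce");
  return problems;
}
```

A request that passes these checks still needs its signature verified against the address in the message before a session is created.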
Developers first introduced Ethereum Improvement Proposal (EIP) 4361, or Sign In with Ethereum, in 2021 as a mechanism for wallet providers to offer authentication with an Ethereum wallet for off-chain services.
When users sign in to popular non-blockchain services, traditional websites usually rely on identity providers such as large internet companies and email providers, which are centralized entities with ultimate control over users’ identifiers.
It is worth noting that MetaMask is not the first wallet provider to adopt such security standards. In February, competitor wallet provider Phantom also added an equivalent of ERC-4361 on the Solana blockchain.