Modern application development has wrestled with numerous shortcomings in the security paradigm. Blockchain can mitigate several of those shortcomings, but it requires devising means to integrate with conventional applications. Mainstream cyber security businesses are already working on this, accelerating the blockchain-enabled security landscape.

This article will give you an understanding of how crypto wallets work and the role they play in authentication.

What is a crypto wallet?

A crypto wallet is, at its heart, a software client that manages cryptographic keys. In asymmetric cryptography, which blockchain is built on, two keys are generated that are known as a key pair. The public key is able to create encrypted cipher text that only the private key can decrypt. The pair can also be used to sign data, proving the sender holds the private key (without revealing the private key).

This arrangement is the result of ingenious mathematics first (publicly) devised by Diffie-Hellman using one-way functions. The outcome is that private keys allow for accessing confidential information while public keys allow for creating it. A public key is something like a magic envelope. When a letter is put in it, only the holder of the specific private key can open and read it.

In the case of blockchains, the magic envelope exists on a publicly available datastore. Anyone can send data to a public location, but only the holder of the private keys for that location can access it. Blockchain addresses are also cryptographic entities. They are created in association with a public key. These addresses hold the cryptocurrency or other sensitive information. It can only be accessed with the private key that created the address.

The upshot of this arrangement is that users need a convenient and secure way to hold their private and public keys for given blockchains. Wallets do this by making it easy to interact
with the chain based on the private keys they hold. The wallet itself is secured with a password. The wallet also manages the public keys, giving users access to them when an address is needed for accepting transactions.

Bridging applications and wallets

Crypto wallets represent a user-friendly and familiar means of dealing with asymmetric key pairs. This is interesting to us in the context of authentication because a wallet can therefore be seen as a holder of identity. That identity can be used to authenticate users. All that’s needed is a bridge between applications and wallets.

Such a bridge is being explored by projects like Sign In With Ethereum (SIWE). Already companies like Auth0 are using technology like SIWE as an alternative authentication mechanism. It’s surprisingly easy to use SIWE as a drop-in replacement for conventional logins like username/password or single sign-on (SSO). This low bar to adoption means the path to widespread usage is easy to foresee.

The advantages to this kind of wallet-based authentication are two-fold. First, the cryptographic nature of the identity makes it very secure compared to something like plaintext passwords. Second, federated SSO-like functionality is achievable without all the extra complexity and vulnerability that it implies. Put another way, the wallet can act as a single source of identity truth, usable across any number of applications.

Even if you are not interested in cryptocurrency, your users may well be using wallets as a central authentication mechanism soon.

How to use a crypto wallet

Wallet-based authentication is an important idea with potent implications for the future of security, so let’s get our hands on one and see how they work in general. This helps give a concrete sense of the user experience.

One of the most popular wallets is the Metamask browser extension, which recently surpassed 30 million active monthly
users. It is easy to use and supports several blockchains, most prominently Ethereum and its universe of tokens. Wallets generally come in two flavors: hardware and software. Software wallets like Metamask are often browser extensions and/or mobile apps. We’re going to explore it briefly as it’ll give a taste of the general characteristics of all wallets.

To get Metamask, go to metamask.io and click the download button for your browser. Once installed, open the Metamask extension and click past the welcome screens. You’ll be presented with a choice like Screenshot 1, between creating a new wallet or importing an old one.

Matthew Tyson
Screenshot 1. Metamask: import or create

I’m going to pause here and introduce the concept of a seed phrase. A seed phrase is a set of words (usually 12 or 24 words) that act as a recovery mechanism for a wallet. If you had one, you’d click “Import Wallet” and use it to regain access to your wallet. The seed phrase is something like a more human-usable alternative to the private key.
The biggest message here is that a seed phrase must be kept secure, just like the private key. It can be used to access everything in the wallet.

If you select “Create a Wallet” from the import or create screen shown in Screenshot 1, you will first be asked for a password. That password will be used to access just this instance of the wallet. If you lose this wallet and recover it (on another device, for example) with your seed phrase, you will be asked to put in a new password to access that instance. In other words, the password is not something you can use to recover your wallet. Only the seed phrase can do that.

Next in the Metamask wallet creation process, you’ll get a look at your seed phrase. Again, this phrase is very important to keep secure. After this moment of creation, there is no way to recover this phrase.

After confirming you have your seed phrase saved, you’ll be presented with the main screen for Metamask, similar to Screenshot 2.

Screenshot 2.
Metamask main screen

The first thing to make note of is the string below “Account 1”; in my case here, it says “0xa65…9321.” That is the public key. If someone were to send you Ethereum, for example, you would use this as the address for receipt. To find the private key, you can click the ellipsis at the upper right, then “Account Details” and finally “Export private key.” Remember, the private key is sensitive information giving access to everything stored at that address on the chain.

There is a lot of capability in Metamask and other wallets, but these are the fundamental properties. Let’s get a look at logging in with the wallet.

If you go to the Ethereum app explorer, you can see a wide range of apps that support Metamask. To see an application that is not financial, let’s visit the Ethereum domain name app here.

Click “Go to App” to get to the actual entry point. Metamask will automatically launch and you’ll get a screen like Screenshot 3.

Screenshot 3.
Log into Eth domain with Metamask

Metamask will inform you exactly what permissions the app is asking for (“See address, account balance, activity and suggest transactions to approve”) and once you accept everything and hit “Connect” on the main screen, you’ll see that you are now logged in. For example, there is now a “My Account” link in the upper right nav bar.

(For another non-financial app, look at GitCoin, a project that lets users earn ETH for writing open source code. This app combines typical authentication (via GitHub) and wallet-based authentication.)

Looking ahead

Although we are just skimming the surface of things, we are getting a look at how authentication works in a blockchain wallet enabled app (often called dApps or distributed apps). The future of the web will include a large number of apps that are integrations between conventional apps (web2) and blockchain apps (web3). In general, these are all dApps, and authentication is the primary point of contact.

Put another way, by supporting web3 authentication, otherwise unchanged traditional apps can tap into a central feature of the blockchain. Right now, decentralized identity is somewhat nebulous. As you have seen, it’s easy to create an identity out of thin air. Once that wallet contains important information (like currency holdings), that becomes important to the applications. In short, the wallet creates a highly secure and standardized mechanism for associating a user, the app, and the data the user chooses to share.

This means the wallet becomes a two-way authentication mechanism, allowing for the two-way permissioning of information (as you saw when the user accepts what is shared).

These use cases are already quite powerful but just scratch the surface of what may be down the road as governments, institutions, and businesses move to integrate with blockchains. For an interesting look at several identity and auth projects
in the space, look at this post, and when you do, bear in mind that many of these projects will soon be available for active use in the upcoming Auth0 marketplace web3 category.
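
The signing property described under “What is a crypto wallet?” and the application-to-wallet bridge described under “Bridging applications and wallets” can be sketched as a challenge-response login. This is an added example, not code from the article, SIWE or Auth0: Node's built-in ECDSA over secp256k1 with SHA-256 stands in for Ethereum signing, and `app.example`, `accountId`, `newChallenge`, `walletSign`, `verifyLogin` and `demoWallet` are hypothetical names.

```javascript
// Added example: simplified model of wallet sign-in, not SIWE library code.
const crypto = require('node:crypto');

const DOMAIN = 'app.example';       // hypothetical relying-party domain
const MAX_AGE_MS = 5 * 60 * 1000;   // assumed challenge lifetime
const issued = new Map();           // nonce -> issue time, kept by the server

// Stand-in for a blockchain address: a fingerprint of the public key.
function accountId(publicKey) {
  const der = publicKey.export({ type: 'spki', format: 'der' });
  return '0x' + crypto.createHash('sha256').update(der).digest('hex').slice(-40);
}

// Server: issue a one-time challenge naming its own domain and the account.
function newChallenge(account, now = Date.now()) {
  const nonce = crypto.randomBytes(16).toString('hex');
  issued.set(nonce, now);
  return [`${DOMAIN} wants you to sign in with your account:`, account,
    `Nonce: ${nonce}`].join('\n');
}

// Wallet: sign the exact challenge text; the private key never leaves it.
function walletSign(message, privateKey) {
  return crypto.sign('sha256', Buffer.from(message), privateKey);
}

// Server: the login succeeds only if every check below passes.
function verifyLogin(message, signature, publicKey, now = Date.now()) {
  const [header, account, nonceLine = ''] = message.split('\n');
  if (header !== `${DOMAIN} wants you to sign in with your account:`) return 'wrong-domain';
  const nonce = nonceLine.replace('Nonce: ', '');
  const issuedAt = issued.get(nonce);
  if (issuedAt === undefined) return 'unknown-or-used-nonce';
  issued.delete(nonce);             // single use, whatever the outcome
  if (now - issuedAt > MAX_AGE_MS) return 'expired';
  if (accountId(publicKey) !== account) return 'key-account-mismatch';
  return crypto.verify('sha256', Buffer.from(message), publicKey, signature)
    ? `ok:${account}` : 'bad-signature';
}

// Constructed demo key pair standing in for the user's wallet.
function demoWallet() {
  return crypto.generateKeyPairSync('ec', { namedCurve: 'secp256k1' });
}
```

Submitting an already accepted message and signature a second time returns `unknown-or-used-nonce`, because the server deletes the nonce on first use.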