MPC and Passkeys: When Security and UX Go Hand in Hand
Industry Insight
November 25, 2024

In this blog post, we delve into the synergy between MPC and Passkeys, creating a secure and seamless experience for Web3 products.

The rapid evolution of Web3 has redefined how we interact with digital assets and decentralized applications. Yet securing these assets while maintaining a user-friendly experience remains one of the greatest challenges. Web3 wallets play a pivotal role here, serving as gateways to this new digital economy.

By combining Multi-Party Computation (MPC) with Passkeys, wallet providers can finally achieve an unparalleled level of security alongside a seamless and intuitive user experience, paving the way for mainstream adoption.

What Are Passkeys?

Passkeys are a modern, passwordless authentication method that resulted from cooperation between industry giants such as Google, Apple and Microsoft. They are based on public key cryptography and aim to replace passwords entirely by offering a frictionless yet highly secure login experience across multiple platforms.

Here’s how they work:

  1. When a user sets up a new service, the service provider prompts a request to set up a passkey, and a key pair is generated: a private key that is stored securely on the user’s device and a public key that is shared with the service provider.
  2. When a user authenticates, whether to log in to the service or to approve an action, the service prompts a request to prove possession of the private key. The user often approves it with biometrics like fingerprints or face recognition, eliminating the need for passwords.
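
The two steps above, sketched as an added example in Node.js (not code from the original post or from any passkey vendor): a simulated authenticator and server run a WebAuthn-style challenge-response. `wallet.example`, the function names and the fixed signature counter are assumptions made for the illustration.

```javascript
const crypto = require("node:crypto");

// Constructed relying-party values for illustration (not from the original post).
const ORIGIN = "https://wallet.example";
const RP_ID = "wallet.example";
const sha256 = (data) => crypto.createHash("sha256").update(data).digest();

// Step 1, setup: the device creates a key pair; only the public key leaves it.
function createPasskey() {
  const { publicKey, privateKey } =
    crypto.generateKeyPairSync("ec", { namedCurve: "prime256v1" });
  return { device: { privateKey }, server: { publicKey } };
}

// Step 2, device side: after the biometric check, sign
// authenticatorData || SHA-256(clientDataJSON) with the private key.
function signAssertion(device, challenge, origin) {
  const clientDataJSON = Buffer.from(JSON.stringify({
    type: "webauthn.get", challenge: challenge.toString("base64url"), origin }));
  // Layout: SHA-256(rpId) | flags (0x05 = user present + verified) | counter
  const authenticatorData = Buffer.concat([
    sha256(new URL(origin).hostname), Buffer.from([0x05, 0, 0, 0, 1])]);
  const signed = Buffer.concat([authenticatorData, sha256(clientDataJSON)]);
  return { clientDataJSON, authenticatorData,
    signature: crypto.sign("sha256", signed, device.privateKey) };
}

// Step 2, server side: check challenge, origin, rpId and flags, then the signature.
function verifyAssertion(server, expectedChallenge, a) {
  const client = JSON.parse(a.clientDataJSON.toString("utf8"));
  if (client.type !== "webauthn.get") return "wrong type";
  if (client.challenge !== expectedChallenge.toString("base64url")) return "wrong challenge";
  if (client.origin !== ORIGIN) return "wrong origin";
  if (!a.authenticatorData.subarray(0, 32).equals(sha256(RP_ID))) return "wrong rpId";
  if ((a.authenticatorData[32] & 0x04) === 0) return "user not verified";
  const signed = Buffer.concat([a.authenticatorData, sha256(a.clientDataJSON)]);
  return crypto.verify("sha256", signed, server.publicKey, a.signature)
    ? "ok" : "bad signature";
}

// One login: fresh server challenge, device signs, server verifies.
function login(passkey, origin) {
  const challenge = crypto.randomBytes(32);
  return verifyAssertion(passkey.server, challenge,
    signAssertion(passkey.device, challenge, origin));
}
console.log(login(createPasskey(), ORIGIN));
```

Because the browser, not the user, writes the origin into the signed data, a response produced on a look-alike site is rejected by the server even though the signature itself is valid.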

Passkeys are a natural fit for Web3 wallets because they simplify the user experience while retaining strong security guarantees when combined with the right key management infrastructure.

The Case for Combining MPC and Passkeys

While MPC safeguards cryptographic keys behind the scenes, passkeys enhance the end-user experience during wallet access. Here’s why combining the two is a game-changer:

  1. Enhanced Security
    • MPC ensures that private keys are distributed and never exist as a single point of failure that can be stolen or lost.
    • Passkeys eliminate the need for passwords, which are often the weakest link in authentication. Biometric-based verification prevents phishing and brute-force attacks.
  2. Seamless User Experience
    • Passkeys enable users to access their wallets with simple biometrics or device-based authentication. 
    • MPC runs invisibly in the background, ensuring security without adding friction to the process.
  3. Cross-Platform Accessibility
    • With Passkeys, users can authenticate across devices seamlessly.
    • MPC-based wallets are inherently multi-chain, enabling wallets to work with any app on any blockchain.
  4. Resilience Against Key Loss
    • Losing access to a single device doesn't mean losing access to the wallet, since Passkeys are synced between devices.
    • MPC settings like 2-of-3 create an additional end-user share that can be backed up with other methods or devices.

How This Works in Practice

Imagine setting up a Web3 wallet with this combined approach:

  1. Onboarding: You create your wallet, and MPC technology creates the private key in a distributed manner behind the scenes. One share is stored using the passkey itself, while the other is stored by the wallet provider.
  2. Authentication: Instead of a password, you use a passkey. With a quick biometric scan, your device verifies your identity, which in turn allows the wallet provider to verify your identity as well.
  3. Recovery: If your device is lost or compromised, you can recover access by verifying your identity on a new device, which your passkeys will be synced to. Your passkey will then be used to recover your share of the key and authenticate it with the wallet provider. 

This seamless yet secure process makes Web3 wallets as easy to use as popular Web2 applications while retaining their decentralized and secure nature.
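
A way to see the onboarding step's claim that the key is created in a distributed manner, as an added example (not Sodot's protocol or code from the original post): a simplified two-party Schnorr signature with additive shares, where the device and the provider jointly sign without either one ever holding the full private key. The group parameters are a constructed toy size, all names are hypothetical, and the nonce commitments and proofs that production threshold protocols require are omitted.

```javascript
const crypto = require("node:crypto");

// Toy Schnorr group, constructed for this example and far too small for real
// use: P = 2Q + 1 with P and Q prime, and G = 4 generates the order-Q subgroup.
const P = 2039n, Q = 1019n, G = 4n;
const mod = (a, m) => ((a % m) + m) % m;
function modPow(base, exp, m) {
  let result = 1n;
  for (base = mod(base, m); exp > 0n; exp >>= 1n, base = (base * base) % m) {
    if (exp & 1n) result = (result * base) % m;
  }
  return result;
}
const randomScalar = () => BigInt(crypto.randomInt(1, Number(Q))); // 1..Q-1

// Fiat-Shamir challenge e = H(R, y, message), mapped into 1..Q-1.
function challenge(R, y, message) {
  const h = crypto.createHash("sha256").update(`${R}|${y}|${message}`).digest("hex");
  return (BigInt("0x" + h) % (Q - 1n)) + 1n;
}

// Onboarding: each party draws its own share x_i and publishes only g^x_i.
function newParty() {
  const share = randomScalar();
  return { share, publicShare: modPow(G, share, P) };
}
// The wallet's public key is the product of the public shares, i.e.
// g^(x1 + x2); the sum x1 + x2 itself is never computed by anyone.
const jointPublicKey = (parties) =>
  parties.reduce((y, p) => (y * p.publicShare) % P, 1n);

// Signing: every party adds a nonce k_i and a partial s_i = k_i + e * x_i.
// Only R_i = g^k_i and s_i cross the wire, never a share.
function coSign(parties, y, message) {
  const nonces = parties.map(() => randomScalar());
  const R = nonces.reduce((acc, k) => (acc * modPow(G, k, P)) % P, 1n);
  const e = challenge(R, y, message);
  const s = parties.reduce((acc, p, i) => mod(acc + nonces[i] + e * p.share, Q), 0n);
  return { R, s };
}

// Verification needs only the joint public key: g^s == R * y^e (mod P).
function verify(y, message, { R, s }) {
  return modPow(G, s, P) === (R * modPow(y, challenge(R, y, message), P)) % P;
}

const demoWallet = [newParty(), newParty()]; // [user device, wallet provider]
const demoKey = jointPublicKey(demoWallet);
console.log(verify(demoKey, "tx-1", coSign(demoWallet, demoKey, "tx-1")));
```

A signature produced by only one of the two parties fails verification against the joint public key, which is the "no single point of failure" property in concrete form.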

Example: Passkeys.Foundation by Exodus is leading the charge in promoting passkey adoption in Web3 wallets. Combined with Sodot’s MPC, the security and UX are unmatched and address the long-standing pain points of Web3 wallet users.

This video was sourced from Passkeys.Foundation by Exodus.

Conclusion

The fusion of MPC and passkeys creates an ideal blend of security and usability for Web3 wallets. By eliminating single points of failure and simplifying the user experience, this approach can accelerate the adoption of Web3 technologies across diverse user bases.

For wallet providers, adopting this combined strategy signals a commitment to innovation, user empowerment, and robust security. As the Web3 landscape evolves, MPC and passkeys will undoubtedly be at the forefront of secure and intuitive digital asset management.

About Sodot

Sodot provides a self-hosted and highly performant MPC infrastructure for leading crypto custodians and wallets. We enable companies to seamlessly build great Web3 products with enterprise-grade security and delightful UX, the way they intend to, without limitations or dependencies.