LocalEthereum Now Integrates With Popular Ethereum Wallets
You can now connect your favourite wallet to LocalEthereum instead of using a username and password combination. This means users can now choose to use an external wallet like imToken or MetaMask instead of LocalEthereum’s built-in web wallet.
LocalEthereum has always been an outlier dApp because it uses usernames and passwords rather than connecting with a browser extension like MetaMask. We made this decision because we didn’t want to create a hurdle for users new to Ethereum.
Recently, we re-visited that decision and decided to enable both methods: we’re keeping the current username & password model, and we’re adding support for users to sign in with their wallets. When new users create an account, they can choose whether to create a password-protected account or a wallet-protected account.
How it works
If you’ve used another dApp before, such as CryptoKitties or a decentralized exchange like IDEX, you’ll probably already know what to expect. The process of using an external wallet will feel similar to most decentralized applications in existence.
1. To log in, sign a message with your wallet.
You don’t need a password. Instead, pick your wallet at the login screen, and approve a signature request. By the way, it’s very important to keep these signatures private, because an intruder could use them to log in to your account and decrypt messages.
2. Funds will go directly to and from your wallet.
Ether you receive from a purchase will go directly into your wallet, and ether you put into escrow will go directly from your wallet into the escrow smart contract. This is cool because we get to show off the non-custodial aspect of the platform.
3. Each time you do something such as click the “release” button on an escrow, sign another message.
To interact with an escrow, the smart contract needs a signed instruction from your wallet. Whenever you do something such as release funds from escrow or mark a trade as paid, approve the signature request in your wallet.
Soon: Buy and sell ETH using your favourite wallet (e.g. Ledger, MetaMask).
— LocalEthereum (@LocalEthereum) October 13, 2018
In the video, I'm trading ETH from a Ledger to a Ledger — using the escrow smart contract. The process is the same, except you don't need to put ETH in your LocalEthereum web wallet. 🚀 pic.twitter.com/qGznu6ezL8
How it’s different
No matter what account type you use, messages are still encrypted using the same techniques, and your ether never touches our server. The key difference is in the log-in flow, and the separation between LocalEthereum and your wallet.
Using an external wallet, you don’t need to use an built-in wallet as a go-between when buying and selling ether. The platform will detect your wallet address automatically, and your wallet will integrate with the escrow smart contract directly.
You don’t need to remember a password, because a signature from your wallet is the key to your account. This is positive as passwords are quickly becoming obsolete.
Password-less authentication is the future
Humans aren’t good at coming up with unique passwords: the 10,000 most popular passwords can unlock a staggering 98% of online accounts. We’re also terrible at remembering the passwords we come up with and keeping them safe from hackers.
On the contrary, computers are great at generating strong passwords. They’re also getting really good at keeping them secure. Have you heard about this amazing thing called cryptography?
While there remains usability issues to tackle with password-less authentication, we believe the future is clear: by 2030, your fingers will only be required for poorly-aged banking portals and lonely government websites that haven’t been touched in decades.
Help me decide
Not sure which account type to choose? Both options have their pitfalls — it’s only 2018, and usability in dApps isn’t where it should be yet. To determine which account type suits you best, we recommend evaluating the potential downsides of both options.
Downsides to using a password-protected account:
- Passwords are generally less safe. Passwords can be stolen by key-loggers, viruses, and phishing websites, and the passwords humans come up with are usually weak and re-used.
- You’re trusting that our built-in wallet code is good. Our built-in web wallet is non-custodial, meaning that the private key is encrypted in your browser and hidden from us, and we store no ETH on our server. We promise that our code is safe, however the premise of cryptocurrency is that you shouldn’t trust anyone; in essence, relying on promises is an outdated and weak security practice.
- If you lose your password, we can’t recover your account. Your password is the key to your account and, because of the way encryption works, we can’t recover lost keys.
Downsides to using a wallet-protected account:
- To use your account on multiple devices, you need the same wallet on each device. For example, if you signed up with MetaMask and you want to use the imToken mobile app to trade on the go, you need to export your desktop wallet seed and import it on your phone.
- Tasks that are otherwise one-click may take more effort. Escrow instructions have always required signed messages, however with the built-in web wallet they only need one click. To mark a trade as paid or to release an escrow, you need to approve a signature request in your wallet.
- If you lose your wallet, we can’t recover your account. Your wallet is the key to your account and, because of the way encryption works, we can’t recover lost keys.
If you’re still unsure:
We recommend newbies stick to using a password-protected account until they’re comfortable with Ethereum wallets and decentralized applications. Keep in mind, though, there’s no way to convert between the two options after the account has been created. If you want to go with the alternative option, you will have to create a new account.
Supported wallets
The platform works with all web3 wallets and dApp browsers. In the future, we’ll be adding support for other wallets, including lesser-known hardware wallets and the WalletConnect protocol.
Our recommended wallets:
imToken is the world's most popular Ethereum wallet, which currently produces ~10% of all Ethereum transactions. We've worked closely with the imToken team to ensure the integration provides the best experience.
Trust Wallet is a secure and open source mobile wallet for Ethereum network tokens, available for Android and iOS devices.
MetaMask is a browser extension and the most popular Ethereum wallet to access dApps on the desktop.
Ledger is a popular cryptocurrency hardware wallet that comes in the shape of a USB drive.
Coinbase Wallet is an easy and secure crypto wallet. Anyone anywhere in the world can use Coinbase Wallet to store all their digital assets in one place, pay others in crypto and use decentralized apps.
Technical details
We appreciate Tristan King of Bakken & Bæck for inspiring our login mechanism. Tristan came up with the idea to use existing Ethereum wallet signatures (i.e. signatures from eth_sign) as wallet-derived secrets, while keeping our current encryption systems intact.
The implementation is compatible with EIP-1102, a standard being rolled out on November 2nd to provide greater privacy in Ethereum dApp providers such as MetaMask.
We’ll update the LocalEthereum technical whitepaper soon to describe the technical specifications of our implementation. As far as we know, the way LocalEthereum connects accounts with wallets is currently unique, and we hope to see other dApps draw inspiration from it.