Seed phrases: Their time is over as the industry standard, says Zhen Yu Yong, CEO and Co-Founder, Web3Auth.
In my experience, crypto rookies and experts share a common gripe. Both camps tend to dislike the seed phrase, crypto’s stubborn industry standard when it comes to key management. Rookies find it difficult and unwieldy. Experts do too, and they’re particularly aware of the associated risks.
Seed Phrases: The Breakdown
For the uninitiated: a seed phrase is a unique phrase, often as long as 24 words, that stores all the information needed to access or recover individually-owned funds on the blockchain. Seed phrases are a form of authentication. Wallets typically generate a phrase for a given user, who must write it down for safe keeping. The number one thing Web3Auth does is provide an alternative to seed phrases.
Seed phrases are a simple way of managing a public or private key – think of this as a unique code used to sign transactions, prove ownership of a blockchain address, and open your crypto vault – and of recovering blockchain funds. They aren’t inherently bad, per say, and they are the current industry standard for key management. But they aren’t without some serious pitfalls. For one thing, they’re difficult to memorize. Anyone with the seed phrase can access the associated funds – there’s no way to restrict access to the owner of the funds.
Then there’s the obvious fly in the ointment: if you lose your seed phrase, and lose access to your funds, you’re absolutely out of luck. Lost seed phrases have resulted in the loss of 20% of bitcoin in circulation – a percentage some analysts value at roughly $140 billion. Every other day in the crypto ecosystem, somebody hears about their funds being stolen or lost. Seed phrases are a single point of failure. If you lose it, have it written down wrong, or it’s stolen, it’s gone, along with access to your funds.
Onboarding goes off the rails
Seed phrases also slow down the onboarding of new users, who need to first understand what it is and why they need it, and then go through the steps of generating and recording it before actually getting to use whatever crypto application they’re in the process of signing up for. This unnecessary delay is off-putting to users who are on the fence about crypto, and it’s just as frustrating for even the most advanced users.
Every user needs a public/private key to interact with any crypto application or any Web3 application, just as you need a specific key or a code to get into a safe. That’s the non-negotiable part. But how that key is managed, derived, or represented is not. Crypto keys can be derived from or represented as a seed phrase, but they don’t have to be. As long as a key can live on a user’s front end and a user can manage it very efficiently, then they don’t have to manage a seed phrase. That’s where we come in.
Old seed phrases, new growth
Web3Auth is trying to replace the seed phrase. A seed phrase works like a master password: it has to be entered exactly right (meaning there’s a single point of failure) and anyone can use it at any time. Web3Auth, on the other hand, resembles multi-factor authentication. We secure a user’s account by first splitting their keypad into multiple parts, which we then store on a number of access points that the user already owns.
Instead of writing down a seed phrase, users choose which access points they want to use. This can be a social log-in like Twitter, their phone, a backup email, and computer-generated recovery codes of their choosing. These logins and methods are intuitive and familiar to users. And because there are multiple access points, there’s no danger of losing all your crypto funds because you’ve lost a seed phrase. If you choose to make your phone an access point and lose your phone, you can still access your funds using another access point like a social login or backup email. We’re expanding on these access point options all the time. In each case, the point is to make the login process as seamless and familiar as possible, ideally with an authentication interface (like Twitter’s login process) they already use all the time.
By doing this, we’ve not only bypassed that single point of failure with seed phrases, but we’ve also reduced onboarding time. Web3Auth users can access their crypto-powered and web3-powered applications through social logins and the device that they’re on. No need to go digging up a seed phrase.
Ditching seed phrases
This improvement on the form is good for all users and for the ecosystem itself. There’s no reason bitcoin should be getting “lost” – certainly not to the tune of $500 billion. Seed phrases’ time as the industry standard is coming to an end thanks to its fatal flaw. And decentralized, intuitive authentication is the way forward.