Perhaps unsurprisingly, the internet login system is essentially as old as the internet itself. In the 1960s and 1970s, as the first computer networks took shape, so too did the need for user authentication. ARPANET, the predecessor to todayâs internet, implemented the first formal login systems when it began operations in 1969. These pioneering systems required users to input a username and password to access network resources, something billions of people would do trillions of times in the years since.
With the dawn of the World Wide Web in the early 1990s, web-based logins quickly became a staple, providing a gateway to personalized digital experiences. Yet, these early forays into user authentication were often marred by shockingly lax security standards. Many developers at the time saw little issue in storing passwords as plain text orâastonishinglyâembedding them directly within HTML code.
As the internet matured, so too did our approach to login security. The introduction of server-side scripting languages like PHP in the mid-1990s allowed for more secure password storage and verification. Encryption and hashing algorithms became standard practice, and two-factor authentication emerged as an additional layer of security.
Despite two-factor authentication and password managers, and despite the leaps and bounds made in other aspects of our digital lives, the basic username-password combo has stuck around like an unwanted party guest.
The Scale of the Login Challenge
Enter blockchain â or not. Because despite blockchain making leaps and bounds in industries from healthcare to logistics, logins are one area where distributed ledger technology (DLT) hasnât proven useful.
Ok, so letâs talk about why. For context, LastPass conducted a survey that stated that the âaverage user has ~70 passwords to manage, and that users could log in 20-30 times per day.â NordPass, in a similar survey stated that âaverage users spend about 15 minutes of each day logging in and out of accounts.â At 30 seconds to 1 minute per login, that means NordPassâs survey would imply roughly 15-30 logins per day.
To be conservative, letâs assume the lowest number here â 15 logins per day. The world has a population of 8 billion people, of which 85% have access to smartphones, which could be a proxy for access to technology where logins are required.
Therefore, a super rough estimate of logins across the entire world per day is .85 x 8 billion x 15 logins, which equates to ~102 billion logins a day, or 1.2 million per second.
The Cost and Scalability Problem
Ethereum, one of the most popular blockchain platforms, can handle only around 6 zero-knowledge proof verifications per second. For blockchain to singularly replace traditional login systems, we would need the capacity of nearly 200,000 Ethereum-like blockchains working simultaneously â and thatâs before we account for other transactions that happen on these networks. Simply put, blockchain in its current form lacks the scalability to manage even a fraction of the worldâs daily authentication demands.
But capacity isnât the only problem. The cost of verifying logins on a blockchain like Ethereum could be extremely high. As a base case, letâs assume that the cost in gas units per login is the absolute minimum cost per transaction on Ethereum which is 21,000 gas units For reference, right now, Ethereum is priced at $2,400 per ETH. Letâs break it down.
Assume that one gas unit on Ethereum costs 5 gwei, and 1 gwei equals 1/1,000,000,000 ETH. This means 240 million login verifications, each using 21,000 gas, would cost around $60.5 million per day, with Ethereum priced at $2,400 per ETH.
And to top it off, all that cost would be burnt on Ethereum, meaning no one in the network would earn any revenue from it.
This is not sustainable.
Logins simply canât cost as much as verifying a transaction on a public ledger. The decentralization of blockchain, while offering great security and transparency bonafides, comes with a financial premium that makes it impractical for something as mundane yet ubiquitous as logging in to your favorite website.
Squaring the Circle
Still, zero-knowledge proofs (ZKPs) offer a glimmer of hope in an otherwise bleak landscape. ZKPs allow users to prove their identity without revealing any sensitive information â a far cry from todayâs world, where personal data is scattered across thousands of databases, each a potential target for hackers. In theory, blockchain-powered logins using ZKPs could usher in a new era of privacy, one in which passwords and usernames are relics of the past.
But theory and practice rarely align so neatly. While ZKPs may solve some privacy concerns, they introduce other issues, namely the need for significant computational resources and the current high cost of verifying these proofs.
As mentioned earlier, Ethereum struggles with these demands, and while other blockchains like zkVerify are working to drive down costs dramatically, the technology is not quite ready for widespread deployment. And then thereâs the challenge of user experience. Most internet users arenât cryptography experts, so any new system needs to be as seamless as the current, albeit flawed, username-password combination.
UX issues shouldnât be sniffed at either. Just because something is technically superior, it doesnât necessarily mean itâll be widely adopted (take the Linux OS as a great example). The industry must combine both if it is to succeed.
While logins shouldnât carry any direct costs, they often do, hidden in the services we use. Worldcoin offers a blockchain-based login solution using retina scans to authenticate users with zero-knowledge proofs, verified on the Optimism blockchain. Although this process costs just $0.0033 per login, when scaled to 240 million logins per day, the expense reaches an unsustainable $800,000 daily.
While this is a 98.5% reduction compared to Ethereum, the system operates on a different, more centralized layer, trading off decentralization for scalability. In contrast, cloud services like AWS Cognito offer a much cheaper alternative, costing $0.0025 per user per month, making the blockchain option 98.5% more expensive. Clearly, blockchain logins have room for improvement.
So, where does that leave us? Blockchain has the ingredients to disrupt logins, if not a clear recipe to get it done. As advancements in cost efficiency and scalabilityâsuch as zero-knowledge-powered Layer 2 solutionsâcontinue to develop, we could be approaching a tipping point. While blockchain-based systems currently struggle to compete with the low-cost, high-speed infrastructure of cloud providers like Amazon and Google, the scales are tipping in its favor.
Mentioned in this article
Be the first to comment