Web3 Wallet adoption issues
The web3 wallet adoption is a big UX challenge. Access to accounts, metaverses, social networks, gaming could rely on a web3 wallet in the future and there are plenty of risks and issues for anyone wanting to create and maintain their account. Account creation can be complicated requiring multiple steps; remembering a wallet address, storing a secret seed phrase or private key to keep it safe so even if you are using different web3 apps, you may need these details at hand to access or ‘import’ these addresses and phrases into different wallets which raises many security and trust concerns and potentially loss of access.
This acts as a gate keeping issue that adds friction due to the high maintenance and security issues since many people would like a way to recover their account or have safeguards around hacked accounts. So what are the potential ways this can be resolved? We should look at what users are familiar with first.
What users are used to in Web2
There are 2 common account creation patterns -
Email and Password - Typical for ecommerce, gaming and platforms
Username and Phone number - Messaging
These methods usually contain verification such as email confirmation, or sms confirmation as part of the onboarding journey, but also provide ways for people to recover their accounts. Forgot password emails, or re-verification via SMS being the 2 most common ways to recover an account. This does rely on the platform/service holding and storing access credentials so users do not necessarily own the account or can have access removed.
Account Abstraction (AA) & MPC (Multi-Party Computation)
These 2 wallet methods help to provide potentially increased security and retrieval of accounts.
Put simply AA makes the wallet programmable which means account recovery can be coded in, transaction controls (how funds can be transferred), permission controls (how many people need to sign for a transaction, the levels of permission), which removes the need for private keys.
MPC splits the the private key into multiple parts allowing users to manage their assets without a single party accessing it. If the user loses their part of the private key, it can be recovered through backup and authentication, for example stored in a cloud service or linked to a social login.
You can read more on how MPC works here and on AA here.
Does this allow the service provider to control and gain access?
Yes and No. In terms of accessing the wallet, because the user will always control access because they hold a part of the key (MPC) or is required to sign (AA), it means no third party can access the wallet without the user. In terms of accessing the wallet, there is some reliance on third parties (e.g if a service provider is providing the co-signing capability), so it’s dependent on the implementation, for example, it could be friends or family, a custodial solution, or any potential service that acts as a cosigner.
What does this mean in terms of wallet creation?
The process can be as simple as create account and combining the access to your biometrics on your mobile device, using traditional Web2 methods for account creation, or extra security and controls if someone wants to use a provider that offers more protection (e.g a custodian could provide services behind a KYC account creation flow, link it up with 2FA access controls with requisite recovery controls).
It would eliminate the need to remember private keys, and store seed phrases and adds recovery options and security whilst also reducing the friction of wallet creation to familiar user patterns. The wallet can act as the ‘login credential’ for multiple services, social networks, gaming, finance etc.under the control of the user.