Solana’s Phantom Wallet, a secure non-custodial browser wallet, has announced the implementation of three new security standards for its users. In a blog post on February 9th, the Solana-based wallet stated that it now supports three “Sign In With” (SIW) standards: Sign In With X, Sign In With Ethereum, and Sign In With Solana.
The introduction of these open standards aims to protect user privacy and improve the security of web3 authentication. By adopting one of these standards, decentralized applications (dApps) can prevent phishing attacks and the interception of sign-in messages.
Protecting the Privacy of Solana Users with SIW Standards
Signing messages is a common practice when connecting a wallet to a dApp. It is used to prove ownership of the wallet, allow dApps to store information connected to the address, and prevent unauthorized access to the account.
However, generic sign-in messages are vulnerable to phishing attacks, where one domain can impersonate another and use the signed message to log in to a site on behalf of the user. SIW standards take the guesswork out of wondering if the user is vulnerable to such attacks.
If a dApp opts-in to an open auth standard like CAIP-122 or EIP-4361, Phantom will validate the required message fields, such as the site’s domain, the time at which the message was issued, and a nonce that prevents signature replay attacks.
This added layer of security ensures that phishers cannot intercept generic sign-in messages and impersonate users. For Phantom users, this feature will not be noticeable. Phantom will only validate message fields if a dApp opts-in to one of the SIW formats.
If a site opts-in to a SIW format and the required fields are invalid, Phantom will display a warning. Users who are confident that they are on the right site can choose to ignore the warning and sign the message.
Looking ahead, Phantom believes that the ecosystem will eventually move towards fully adopting SIW standards as a chain-agnostic solution to generic sign-in messages.
However, the implementation of these standards is an important step toward providing a secure and decentralized alternative to centralized identity providers.
Nevertheless, the new SIW standards are entirely opt-in, and dApps that do not want to use them can continue to use generic messages as usual. This new feature is part of Phantom’s suite of security features and will provide additional protection for Solana users.
Related Reading | Polygon (MATIC) Surges On The Launch Of Virtasy Bollywood NFT Marketplace