|
Algorand rolls out LiquidAuth to resolve crypto-wide security flaw: centralized wallet communication
Thursday, July 4, 2024
Open-source LiquidAuth can decentralize any authentication communications, reducing risk for web3 and web2 users
BARCELONA, Spain, June 26, 2024 /PRNewswire/ -- The Algorand Foundation, a nonprofit on a mission to power a world where information has integrity and innovative ideas can scale, has created a new implementation for decentralized authentication and communication called LiquidAuth. An open-source solution for authenticated peer-to-peer communication between wallets and apps/dApps, LiquidAuth uses established standards and protocols to resolve one of the crypto industry's most significant threats: overreliance on the centralized wallet communication provider WalletConnect.
While it emerged in response to the centralization vulnerability of WalletConnect, LiquidAuth can be deployed in any other traditional web applications (including identity and authentication) for more secure and private authentication.
LiquidAuth was developed to offer an open-source, free-to-use, chain-agnostic, highly secure alternative to the centralized provider WalletConnect. WalletConnect is a permissioned solution nearly every crypto wallet provider uses to connect to dApps. As a centralized provider, it represents a single point of failure; as a protocol, its failure would affect millions of wallets and users. The goal of developing LiquidAuth and releasing it to the web3 community was threefold:
-- Help adopt open, already established standards for authenticated
communications for web3 users. WalletConnect does not provide
authenticated communication between wallets and apps, which is a severe
security and data vulnerability.
-- Provide an open-source solution for developers. WalletConnect is not
open-source. Not only must apps be white-listed to use it, but
developers must also seek permission from the company to build on it or
add functionalities.
-- Reduce the threat of censorship. WalletConnect has the capacity to ban
IP addresses and entire companies/blockchains from using its services,
and its position could allow it to control the flow of information.
-- Keep web3 decentralized - preserving its most important element by
removing our reliance on centralized components for critical data flows,
keeping critical infrastructure accessible to all.
"For decentralized models to become the norm, the industry must insist on higher standards for the security and openness of critical infrastructure. We developed LiquidAuth to bring these standards to the ecosystem, and we will continue to dedicate significant resources to helping blockchains, wallet providers, and web3 developers integrate them," said John Woods, CTO of the Algorand Foundation. "An open and decentralized standard like LiquidAuth will improve security across web2 and web3. It reduces the reliance on third parties for ease of login, such as through email or social accounts, and further decentralizes the communications layer between applications, users, and services."
"The centralization of critical infrastructure is an unacceptable security risk," he added. "To have truly robust and accessible digital identity, digital ownership, and digital privacy, we need open standards and protocols."
Commitment to Security
LiquidAuth reflects the Algorand Foundation's ongoing commitment to upholding the best practices of decentralization across web3. They are an associate sponsor of the Open Wallet Foundation, which seeks to build more tools and standards for interoperable wallets. Earlier this year, the Foundation also co-announced the DeRec Alliance, which seeks to offer a free, open-source, industry-standard methodology that makes digital asset recovery easier and more secure for all users.
Benefits of LiquidAuth
Digital assets (including personal data) make online accounts and wallets a frequent target of attacks. Ways to mitigate this risk include using a password manager, adopting two-factor authentication, adding physical security keys, and using passwordless logins. However, in web3 and web2, the process by which this information is communicated between accounts and apps/services/dApps is not always secure or private. Where the communication is not secure, it can be exploited to gain access to the account; where communication is not private, user data and information can be accessed. LiquidAuth is an open-source, free-to-use, secure standard for better authentication communications.
-- It is context and chain-agnostic. It can be used in any web2 or web3
application (for example, Logging in with a wallet instead of with Gmail
or a social media account). It is interoperable with other web3
technologies and standards.
-- Its decentralized, secure design reduces the attack surface. LiquidAuth
does not require a central server to relay messages between wallets and
apps. It uses open standards such as FIDO2 / Passkeys for authentication
and does not store any user data.
-- LiquidAuth is an open-source project that is free to use and modify. It
is licensed under AGPL.
To understand the scale of WalletConnect's security vulnerability, view the number of wallets relying on its centralized service here.
About Algorand Foundation
Algorand's mission is to power a world where information has integrity and innovative ideas can scale. The Algorand Foundation supports Algorand's rapidly growing ecosystem by providing a best-in-class developer environment, supporting key infrastructure and setting technical standards, offering comprehensive support to builders and entrepreneurs, and providing the framework for decentralized governance.
Founded by Turing Award-winning cryptographer Silvio Micali in 2019, Algorand has grown into a vibrant ecosystem of developers, entrepreneurs, and enterprise partners that benefit from institutional-grade certainty and resilience. Its fees, instant finality, and a minimal carbon footprint appeal to the protocol's millions of retail users, and developers of all kinds appreciate the ability to use common programming languages like Python. Builders on Algorand are creating protocols and companies that solve important problems at a global scale: instant payments in war and disaster zones, self-sovereign identity for the disenfranchised, supply-chain traceability for global commerce, permissionless protocols addressing financial inclusion, and the creation of entirely new markets through tokenization, to name a few. To learn more and start your journey on Algorand, visit algorand.foundation.
View original content to download multimedia:https://www.prnewswire.com/news-releases/algorand-rolls-out-liquidauth-to-resolve-crypto-wide-security-flaw-centralized-wallet-communication-302182488.html
SOURCE Algorand Foundation
|
|
|
|
|
|
 |
Dream Vacations Transforms Travel Booking Experience with New Website | Mar 28, 2025
|
|
Land id(TM) Partners with The Land Report to Profile America's Largest Landowners | Mar 28, 2025
|
|
New medical technology pilot environment established in Finland aims to slash market entry time of patient-friendly solutions | Mar 28, 2025
|
|
Playcasino.co.nz Releases Comprehensive Guide to Online Casino Payment Methods for NZ Players | Mar 28, 2025
|
|
MetAI to Debut AI-Powered Controller Simulator at NVIDIA GTC 2025, Advancing Digital Twins for Industrial Automation | Mar 28, 2025
|
|
Netflix Worldwide Exclusive Streaming Anime"The Summer Hikaru Died" Reveals Main Trailer and New Cast Members, Yumiri Hanamori, Wakana Kowaka, and Chikahiro Kobayashi | Mar 28, 2025
|
|
Constructor Unveils Retail Media Suite with Personalized Sponsored Listings and Retail Media Network Integrations | Mar 28, 2025
|
|
Appcast Named a 2025 Google Premier Partner | Mar 28, 2025
|
|
Hy-Vee RedMedia Partners with Instacart to Further Retail Media Capabilities | Mar 28, 2025
|
|
New Website Developed by Flightpath, A Ruder Finn Company Launched by Goya Foods | Mar 28, 2025
|
|
|
|
