Spending time online for work or play requires all of us to gain access to different websites, apps and service providers; usually, this is done through an email account or sometimes a phone number, but these methods become tedious as the number of websites we want to access increases.
The need for a universal identity becomes evident as we spend more time online, using different apps, websites and protocols. Imagine for a second you had to create a username and password and keep track of every site or service you used; it would be a nightmare and create so much friction for app developers and online service providers.
Thankfully with help from universal logins, we don’t need to do all that admin; today, we can create an account with one preferred provider and then leverage this one account to move in and out of other apps.
Universal logins are a single sign-on service that allows users to sign in to websites and apps using their preferred account credentials. This means users don’t have to create a new account or remember a separate password for each website or app. Login with Google is a popular option for many websites and apps because it’s convenient and secure.
- Convenience: Universal logins allow users to sign in to multiple websites and apps using a single set of credentials. This can save users time and effort, as they don’t have to create a new account or remember a separate password for each website or app they use.
- Security: Universal logins can be more secure than traditional login methods, such as username and password because they use two-factor authentication (2FA) or other methods to verify a user’s identity. 2FA requires users to enter a code from their phone in addition to their username and password, making it more difficult for hackers to gain unauthorised access to an account.
- Ease of use: Universal logins are generally easy for users and website owners. Users can sign in with a single click, and website owners don’t have to worry about managing user accounts or passwords.
- Adoption and network effects: Many popular websites and apps, such as Google, Facebook, and Twitter, offer universal logins. Universal login makes it easy for users to sign in to various websites and apps using single credentials. Apps are encouraged to provide these login services, which build on the network effects of Google, Apple or Meta.
As a result of these advantages, universal logins are becoming increasingly popular with users and website owners. They offer a convenient, secure, and easy-to-use way for users to sign in to websites and apps, and they can help website owners reduce the burden of managing user accounts and passwords.
Today you have the option of logging in with services like
- Meta (Facebook or Instagram)
- X (Previously Twitter)
- Microsoft (Microsoft or Linkedin Account)
- Apple
- Google (Gmail)
How does Universal Login work?
When users sign in to a website or app using a Universal Login (Like their Gmail or Google account), they are redirected to the Google login page. On the Google login page, the user enters their Google username and password.
Once logged in, you are automatically signed in to the website or app. These universal login services use OAuth 2.0, an open standard for authorisation OAuth 2.0 allows websites and apps to access certain information from a user’s respective account without giving them full access to the account, which helps to protect user privacy.
Cons of Login with a third party service
Universal logins are convenient and lower the barrier to entry to access websites and manage accounts, but they are not perfect; there is always a trade-off when we opt for convenience. There are a few potential drawbacks to using a Universal login tied to a central party, including:
- Single point of failure: If a user’s Google, Microsoft or social media account is compromised, they could lose access to all the websites and apps tied to the universal login.
- Data collection: Google, Microsoft and social media apps collect data about the websites and apps users sign in to using Login with their service. This data can be used to target users with advertising.
- Privacy concerns: Users who are concerned about the amount of data that Google collects about them when they use Login would do well not to use universal logins as all these additional data points are tracked.
Nostr fixes this.
Currently, relying on tech companies for your universal login is the only option, but with open-source protocols like Lightning and Nostr, you have new options. Lightning allows you to log in using your LSAT and Macaroon to authenticate your account, but it has limitations.
Login with Lightning requires access to remote keys, and logging in with Nostr requires access to local keys, ideally stored in a browser extension. Now if your Lightning node goes down or you lose your connection, you also can’t auth with any service. If you’re using a custodial wallet or third-party service like an LSP, you’re trusting their node and basically moving your security and privacy assumptions to another custody provider.
Lightning pubkeys contain sensitive information and can leak confidential financial information, which is something many would not feel comfortable with and would prefer to keep their financial activity and other activity separate. Nostr public keys are safe to share with anyone as they are not tied to your Bitcoin activity.
Authorising with Nostr shares a real social identity with the service; applications can query your Nostr social graph, which is useful to show users you already know using a new service and provide you with a richer experience and limit spam.
A Lightning node is also not an exact identity but a unique identifier. It just tells you the person that authorises is the same random person that authed last time; it doesn’t tell you who they are.
A nostr pubkey is an identity. It tells a provider who you are, your name, what they look like, who they know, how you can pay them, and how you can message them. This is much more useful as an identity layer for an application. The application can show their profile picture and username, send secure cross-platform push notifications via NIP-04 encrypted Nostr DMs, etc.
Enabling Nostr-Auth applications can use it as part of talking to the broader nostr infrastructure, like the relays, or simply as a signal that this is an honest account and provide access to the specific service.
Bitcoin wallets can become your universal account.
Browser wallets like Alby have already proven that Lightning and Nostr can work together in a seamless interface, and as more Bitcoin wallets support nostr, they expose users to the ability to use public and private keys for more than making financial transactions, and they’ll want to experiment.
Since your Bitcoin hot wallet would only need to store your private key locally on the device and allow you to sign, you’re not tied to one wallet, and you can move between software that offers you the best solution.
It would make sense for most users who use a Bitcoin wallet to store a nostr private key, a delegated nostr key or use your wallet as a proxy with your nostr signing device; it would really be up to you and how secure you’d like to keep your keys. This gives Bitcoin wallets more utility and a reason to open them other than performing transactions and gives users a way to access services without the need to provide an email address or phone number, which often gets leaked and leads to spam.
Universal logins are not without a cost.
Universal logins are a convenient and secure way for users to sign in to websites and apps. However, there are a few potential drawbacks. Ultimately, it is up to each user to decide whether or not the benefits of Login with Google outweigh the potential drawbacks. Having alternatives in nostr and LN-auth are great, but they are not ready-made solutions for you to switch to right now. Their network effects must grow at massive multiples before website owners and webmasters see it as a worthwhile option for logins.
Do your own research.
If you want to try out nostr auth or learn more about them, we recommend checking out the following resources to kickstart your research.
Are you on Nostr?
If you are a Nostr user and want to hang out and chat with us or follow our content on your preferred Nostr front end, feel free to add us using our PubKey below and send us a Zap if you’ve got sats to spare.
npub10mxnle348mzv2dnj0ylgz3zu9gceenc29x9fr4m6mnars66j7vxsnkn8mj
The Bitcoin Manual’s Nostr Pubkey
Please give us your notes.
If you have used Nostr, which client do you prefer and why? Are there any clients that you think deserve mention? Let us know in the comments down below.
