A fully decentralized digital identity solution

A website stores usernames and passwords in a database. When a user logs in, their device sends their password to the website which checks it against its records. However, databases are increasingly vulnerable to breaches. And while encrypting passwords offers an additional layer of security, storing them as plaintext is bad practice.

To make matters worse, user-generated passwords are easily hackable. Cybercriminals have a host of tools at their disposal, including spyware, phishing or brute force attacks where algorithms use trial and error to guess the right combination of letters, numbers and symbols.

Web3 authentication may seem like progress, but users are still vulnerable because they're limited to a single authentication factor. For instance, keys are typically stored on the device used to install a crypto wallet. If someone steals the device or gains access to it, the user loses control of their wallet.

Public key cryptography is an encryption technique that uses a pair of keys to encrypt and decrypt messages between two entities. The public key is similar to a username so it can be shared, but the private key needs to be kept secret, like a password.

Internet Identity leverages digital signatures, an application of public key cryptography, for the login process. To start, an app sends an authentication request to the user's device. The device takes the request and creates a digital signature using their private key and a cryptographic algorithm. The app then verifies the signature using the user's public key and approves the request.

Most modern computing devices contain a TPM (Trusted Platform Module) chip. One of the functions of a TPM chip is storing sensitive information, which in Internet Identity's case is a copy of a user's private key. When Internet Identity prompts the user to unlock their device, either by entering a PIN code or using biometrics such as fingerprint recognition, the TPM chip creates a new digital signature using their private key.

The user's private key is secure because the TPM chip is virtually impenetrable. The chip is built into their device's motherboard, and any attempt to tamper with it can cause irreparable damage.

A username for Web2 authentication generally links to an email address which acts as a unique identifier used by big tech to track a user's activity. In Web3's case, transparency may be one of the founding principles of blockchain technology, but it also means anyone can trace the transactions of an individual wallet address using a block explorer.

Cryptographic pseudonyms are digital identities which protect a user's privacy when online. They have a wide range of use cases, from messaging apps to social media platforms and Web3 dapps. Internet Identity creates a pseudonym every time a user logs in, preventing apps from tracking their activity.