Some Thoughts About everID
We all know that Web3 has some "particularities" that hinder mass adoption, probably with the most painful being the peculiar user experience that it delivers. We won't talk about the siloed character of each chain that transforms them into unwilling moats - use all the dApps of one ecosystem or experience risks and hurdles if you want to bridge to another chain.
Today's article is about the most visible UX problem that plagues Web3 (and yeah, I know that for most of you, this is not a problem, but a feature): registration and login/key management.
As I said, I know that for most Web3 natives, this is not a problem; still, several other billions of potential users don't consider spending more than a blink of an eye for a login or a payment. Should we just boo them until they'll get the importance of "not your keys, not your...everything", or should we try to find alternatives?
EverVision, just did it:
How does it work?
We won't bother you too much with what everId is. For that, you can check their introductory article right here. In a nutshell, everId represents a method to register and connect to dApps with (but not only) your email address, regardless of being on Android, Windows or IOS. No Web3-like wallet experience, not even a traditional Web2 experience, because this method circumvents even the need for a casual password.
So, let's just dive into it and test everId. By the way, you can do it yourself at beta-dev.everpay.io (even if the official period of testing has ended, you can still give it a try, however, keep in mind that everVision already handed the prizes to users that participated in the testing phase).
Once you are there, you'll find some simple "login/register" buttons, one in the far right corner of the UI and one in the middle of the page. Whichever you choose to push, you"ll be directed to this view:
As you can see, you'll encounter some well-known logos - Metamask, ArConnect etc. - so it's clear that if you want, you can use the already-established Web3 addresses when you set up your everId. Still, the input field is settled by default to register with the email address. Why? Simple, because even if everId supports different types (Email, Nickname, DEFI Address(EVM Address, AR Address, EOS Address, BIT Address, etc.), the one that aims directly at Web2 users is represented by email.
Choosing this path will allow you to enter your email address, and while pushing next, you'll receive a time-sensitive code that you should introduce into the subsequent view:
Let's pause for a moment
At this step, the magic that happens in backstage kicks in and in some cases, it will take you by surprise. everId is based on WebAuthn - a set of standards maintained by the World Wide Web Consortium and FIDO Alliance (more about all of those in just a second) that, besides others enables passkeys (a way of navigating the web passwordless and arguably under more secure conditions than through other login methods). Now, this method is dependent on the device you are registering from because it needs to access the security chip of your hardware, so, if you are like me and don't rely on Windows Hello to login into Windows, you may get a similar message with this one:
If you are using an Android device or an Apple device, you may encounter similar messages because this method asks for biometric input.
To be honest, I didn't turn on Windows Hello, and instead, I opted for registering from my Android phone using my fingerprint. However, from my PC, I registered with my Arweave address (it doesn't request biometric input in this case, it asks you only to sign a TX with your Arweave wallet) and then requested some test tokens from everPay faucet and then sent some to the entity represented by my email address that I made on my mobile device.
Now, please excuse my digression, but I did it to showcase the potential of this path that everVision opens for the entire Arweave ecosystem: a cross-everything implementation that reduces the time of onboarding to a mere minute and functions out of the box with almost all the existent devices. Right now, it's just a beta version on their testnet (I'm actually proud that I found a bug myself - btw if you test it, please look for bugs and tell EV's team if you found one, it will help them a lot). Imagine a myriad of dApps using this method, allowing a Web3 maxi to coexist with the ultimate noob from Web2 on a common ground that gently pushes the latter towards a more secure web experience.
Pause is over
After you finish approving all the messages prompted by the "FIDO part", you're all set:
All the steps from 0 to everId can be done in probably less than one minute. No cumbersome UX, no "alien" prompts that generate headaches for a Web2 user, nothing but a clean interface that will direct you in no time to the already-known everPay view:
From here, the path is clear, I suppose - you can ask for some test USDC from everPay's faucet and go berserk (which means for now that you can send tUSDC to any everId, yeah, the definition of "going berserk" varies from person to person).
Still, what about FIDO?
Frankly, when I first heard about everId I somehow expected Outprog to come forward and proudly state that he reinvented the wheel and their solution is 100% "home grown", as pure as it gets, it's just better than anything Web2 ever presented. Let's be honest, this is the main discourse you are expecting from whatever a Web3 native company ships: "We reimagined the click, now you have to push it two times and then wait for another anon validator to click also in order to create a trustless click; ofc, you'll have to pay that validator some tokens, but you'll receive those also if you participate in the network and help other users click. It's better than the old ways because it is decentralised."
To my utter surprise, everVision did something shocking: they actually took from the "traditional web" an already existing solution that fits best with the intended purpose and adapted it for the Web3 world.
FIDO stands for Fast IDentity Online and it was developed by FIDO Alliance, an organization that went public ten years ago in 2013. I won't reproduce FIDO's history, you can check it here, but suffice it to say that the organization now has as members basically every relevant traditional tech company - Apple, Google, Samsung, you name it. Their goal was to create a passwordless login method that would keep the keys locally at the user's end. What did they manage to create? An open-sourced standard that not only manages to do that, but to keep the keys on the secure chip of the device used for logging in. Also, from what I saw from my quick research, industry leaders claim it to be the best safeguard against phishing and the go-to solution for the banking sector. Now please link the dots.
I don't know what Web3 means in each one's book, but for me, this FIDO thingie checks lots of the attributes that make Web3, and on top of it, also comes with widespread adoption, both institutional and end user - wise.
A kind of conclusion
We can continue our old ways - being stubborn and proud, or we can try and find the best solutions for the end users, even when it happens that those aren't as on-chain as some of us want.
everVision's goal is to embark 1 billion users to Web3. everID is the tool that gives them a fighting chance.