Perhaps unsurprisingly, the Internet login system is essentially as old as the Internet itself. In the 1960s and 1970s, when the first computer networks were taking shape, the need for user authentication also grew. ARPANET, the predecessor to today’s Internet, implemented the first formal login systems when it went live in 1969. These groundbreaking systems required users to enter a username and password to access network resources, something billions of people would do trillions of times in the years to come.
With the rise of the World Wide Web in the early 1990s, web-based logins quickly became a staple and a gateway to personalized digital experiences. Yet these early attempts at user authentication were often marred by shockingly lax security standards. Many developers at the time saw little problem with storing passwords as plain text or, astonishingly, embedding them directly in HTML code.
As the Internet matured, so did our approach to login security. The introduction of server-side scripting languages such as PHP in the mid-1990s allowed for more secure storage and authentication of passwords. Encryption and hashing algorithms became standard practice, and two-factor authentication emerged as an additional layer of security.
Despite two-factor authentication and password managers, and despite the great leaps that have been made in other aspects of our digital lives, the basic username and password combination has stuck around like an unwanted party guest.
The scope of the login challenge
Enter blockchain – or not. Because while blockchain is making leaps and bounds in industries from healthcare to logistics, logins are one area where distributed ledger technology (DLT) has not proven useful.
Okay, so let’s talk about why. For context, LastPass conducted a study that found that the “average user has ~70 passwords to manage, and users could log in 20-30 times per day.” NordPass stated in a similar study that “average users spend about 15 minutes logging in and out of accounts every day.” At 30 seconds to 1 minute per login, this means NordPass’ research would imply around 15-30 logins per day.
To be conservative, let’s assume the lowest number here: 15 logins per day. The world has a population of 8 billion people, 85% of whom have access to smartphones, which could be a proxy for access to technology that requires login.
Therefore, a very rough estimate of the number of logins around the world per day is 0.85 x 8 billion x 15 logins, which equates to ~102 billion logins per day, or 1.2 million per second.
The cost and scalability problem
Ethereum, one of the most popular blockchain platforms, can only process about six zero-knowledge proof verifications per second. For blockchain to replace traditional login systems on its own, we would need the capacity of nearly 200,000 Ethereum-like blockchains operating simultaneously – and that’s before taking into account other transactions taking place on these networks. Simply put, blockchain in its current form lacks the scalability to manage even a fraction of the world’s daily authentication requirements.
But capacity is not the only problem. The cost of verifying logins on a blockchain like Ethereum can be extremely high. In the base case, let’s assume that the cost in gas units per login is the absolute minimum cost per transaction on Ethereum, which is 21,000 gas units. For reference, ETH currently costs $2,400. Let’s break it down.
Suppose one unit of gas on Ethereum costs 5 gwei, and 1 gwei is equal to 1/1,000,000,000 ETH. This means that 240 million login verifications, each using 21,000 gas, would cost approximately $60.5 million per day with ETH at $2,400.
And to top it all off, all those fees would be burned on Ethereum, meaning no one on the network would get any revenue from them.
This is not sustainable.
Logging in simply doesn’t cost as much as verifying a transaction on a public ledger. While blockchain decentralization offers great security and transparency, it comes with a financial premium that makes it impractical for something as mundane yet ubiquitous as logging into your favorite website.
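The arithmetic behind the throughput and fee figures above, as an added example that is not part of the original article. Function names are illustrative, and every input is a figure quoted in the article (including the $0.0033 per-login Optimism cost cited further down).

```python
from fractions import Fraction
from math import ceil

GWEI_PER_ETH = 10**9
SECONDS_PER_DAY = 86_400

def logins_per_day(population, share_with_access, logins_per_person):
    """Daily logins = people x share with a device x logins per person."""
    return Fraction(population) * Fraction(share_with_access) * logins_per_person

def chains_needed(daily_logins, verifications_per_second):
    """Chains required if each verifies a fixed number of proofs per second."""
    per_second = Fraction(daily_logins, SECONDS_PER_DAY)
    return ceil(per_second / verifications_per_second)

def fee_usd(gas_units, gas_price_gwei, eth_usd):
    """Fee for one transaction: gas x gwei/gas -> ETH -> USD (exact)."""
    eth = Fraction(gas_units * gas_price_gwei, GWEI_PER_ETH)
    return eth * eth_usd

def daily_cost_usd(daily_logins, usd_per_login):
    """Total daily spend for a given login volume and per-login cost."""
    return daily_logins * Fraction(usd_per_login)

def report():
    """Reproduce the article's estimates from its stated inputs."""
    world = logins_per_day(8_000_000_000, "0.85", 15)
    l1_fee = fee_usd(21_000, 5, 2_400)  # minimum-gas transaction
    return {
        "world_logins_per_day": world,
        "world_logins_per_second": world / SECONDS_PER_DAY,
        "ethereum_like_chains_needed": chains_needed(world, 6),
        "ethereum_usd_per_login": l1_fee,
        "ethereum_usd_per_day_240m": daily_cost_usd(240_000_000, l1_fee),
        "optimism_usd_per_day_240m": daily_cost_usd(240_000_000, "0.0033"),
    }

if __name__ == "__main__":
    for name, value in report().items():
        print(f"{name}: {float(value):,.4f}")
```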
Square the circle
Yet zero-knowledge proofs (ZKPs) offer a glimmer of hope in an otherwise bleak landscape. ZKPs allow users to prove their identity without revealing sensitive information. This is a far cry from today’s world, where personal data is spread across thousands of databases, each a potential target for hackers. In theory, blockchain-powered logins using ZKPs could usher in a new era of privacy, one where passwords and usernames are relics of the past.
But theory and practice rarely fit together so neatly. While ZKPs can solve some privacy concerns, they introduce other problems, namely the need for significant computing resources and the current high costs of verifying these proofs.
As previously mentioned, Ethereum is struggling with these demands, and while other blockchains like zkVerify are working to dramatically reduce costs, the technology isn’t quite ready for widespread deployment. And then there is the challenge of user experience. Most Internet users are not experts in cryptography, so any new system must be as seamless as the current, albeit flawed, username/password combination.
UX issues should not be sniffed at either. Just because something is technically superior doesn’t necessarily mean it will be widely adopted (take the Linux operating system as a good example). If the industry wants to succeed, it must combine both.
Although logging in appears not to incur any direct costs, it often does, with the cost hidden in the services we use. Worldcoin offers a blockchain-based login solution that uses retina scans to authenticate users with zero-knowledge proofs, verified on the Optimism blockchain. While this process only costs $0.0033 per login, when scaled to 240 million logins per day, the cost is an unsustainable $800,000 per day.
While this is a 98.5% reduction compared to Ethereum, the system operates on a different, more centralized layer, trading decentralization for scalability. In contrast, cloud services like AWS Cognito offer a much cheaper alternative, costing $0.0025 per user per month, making the blockchain option 98.5% more expensive. It is clear that blockchain logins have room for improvement.
So where does that leave us? Blockchain has the ingredients to disrupt logins, if not a clear recipe for doing so. As advances in cost-efficiency and scalability – such as zero-knowledge-based Layer 2 solutions – continue to evolve, we could be approaching a tipping point. While blockchain-based systems are currently struggling to compete with the cheap, fast infrastructure of cloud providers like Amazon and Google, the balance is tipping in favor.