Perhaps unsurprisingly, Internet login systems are essentially as old as the Internet itself. As the first computer networks formed in the 1960s and 1970s, the need for user authentication also increased. ARPANET, the precursor to today's Internet, implemented the first formal login system when it began operations in 1969. These pioneering systems required users to enter a username and password to access network resources, a task billions of people have done trillions of times since then. .
With the dawn of the World Wide Web in the early 1990s, web-based logins quickly became the norm, providing a gateway to personalized digital experiences. However, these early forays into user authentication were often marred by surprisingly lax security standards. Many developers at the time saw little harm in storing passwords as plain text or, surprisingly, embedding them directly within HTML code.
As the Internet has matured, so have approaches to login security. The introduction of server-side scripting languages ​​such as PHP in the mid-1990s allowed for more secure password storage and verification. Encryption and hashing algorithms have become standard practice, and two-factor authentication has emerged as an additional layer of security.
Despite the advent of two-factor authentication and password managers, and despite breakthroughs in other aspects of our digital lives, basic username and password combinations remain desirable. Not left like a party guest.
Login challenge scale
Whether to enter blockchain or not. Because even though blockchain is making breakthroughs in industries from healthcare to logistics, login is one area where distributed ledger technology (DLT) hasn't proven useful. .
Well, let's talk about why. For context, research conducted by LastPass states that “the average user has approximately 70 passwords to manage, and users can log in 20 to 30 times a day.” NordPass states in a similar study that “the average user spends approximately 15 minutes each day logging in and out of their account.” 30 seconds to 1 minute per login means approximately 15 to 30 logins per day according to NordPass research.
To be conservative, let's assume a minimum number of 15 logins per day. The world's population is 8 billion, and 85% of them have access to a smartphone, which can serve as a proxy for access to technology that requires a login.
Therefore, a very rough estimate of the number of logins per day worldwide is 0.85 x 8 billion x 15 logins, which equates to ~102 billion logins per day, or 1.2 million logins per second.
Cost and scalability issues
Ethereum, one of the most popular blockchain platforms, can only process about 6 zero-knowledge proof verifications per second. For blockchain to replace traditional login systems on its own, it would require the capacity of around 200,000 Ethereum-like blockchains operating simultaneously. This is before considering other transactions that occur on these networks. Simply put, blockchain in its current form does not have the scalability to manage even a fraction of the world's daily authentication requests.
However, capacity is not the only issue. The cost of validating logins on blockchains like Ethereum can be very high. As a base case, assume that the cost in gas units per login is 21,000 gas units, which is the absolute minimum cost per transaction on Ethereum. For reference, the price of Ethereum is currently $2,400 per ETH. Let's break it down.
Assume that 1 gas unit of Ethereum costs 5 Gwei, and 1 Gwei is equivalent to 1/1,000,000,000 ETH. This means that 240 million login verifications, each using 21,000 gas, would cost around $60.5 million per day, and the price of Ethereum would be $2,400 per ETH.
What's more, all of that cost will be spent in Ethereum, and no one in the network will be able to earn any revenue from it.
This is not sustainable.
Logging in costs less than validating transactions on a public ledger. While blockchain decentralization genuinely offers greater security and transparency, it comes at an economic premium, making it less common and ubiquitous than logging into your favorite website. It's not realistic.
square the circle
Still, zero-knowledge proofs (ZKPs) offer a glimmer of hope in a bleak situation. ZKP allows users to prove their identity without revealing sensitive information. This is very different from today's world, where personal data is spread across thousands of databases, each of which can be a target for hackers. In theory, blockchain-powered login using ZKP could usher in a new era of privacy, where passwords and usernames become relics of the past.
But theory and practice rarely align so neatly. Although ZKP may solve some of the privacy issues, it introduces other issues, namely the need for large amounts of computational resources and the current high cost of validating these proofs.
As mentioned above, Ethereum has struggled to cope with these demands, and while other blockchains like zkVerify are working to significantly reduce costs, the technology is not poised for widespread adoption. Not yet. And there are also challenges with user experience. Most Internet users are not encryption experts, so any new system, even with its flaws, will need to be as seamless as current username and password combinations.
Don't sniff out UX issues either. Just because something is technically superior does not mean it will be widely adopted (Linux OS is a good example). For the industry to succeed, both must come together.
Logging in shouldn't cost you anything directly, but the services you use often have hidden costs. Worldcoin offers a blockchain-based login solution that uses retinal scans to authenticate users with zero-knowledge proofs verified on the Optimism blockchain. This process costs only $0.0033 per login, but when scaled to 240 million logins per day, that cost reaches $800,000 per day, which becomes unsustainable.
This is a 98.5% reduction compared to Ethereum, but the system operates on a separate, more centralized layer, trading off decentralization and scalability. In contrast, cloud services like AWS Cognito offer a much cheaper alternative at $0.0025 per user per month, making blockchain options 98.5% more expensive. Clearly, blockchain login has room for improvement.
So what will happen to us? Blockchains contain elements that disrupt logins, even though there is no clear recipe for doing so. As advances in cost efficiency and scalability continue, such as zero-knowledge layer 2 solutions, we may be nearing a tipping point. Blockchain-based systems currently struggle to compete with the low-cost, high-speed infrastructure of cloud providers like Amazon and Google, but the scale is tipping in their favor.
mentioned in this article