Phantom Wallet Adds 3 New Authentication Standards To Prevent Phishers
- Phantom wallet now supports “Sign In With” Web3 authentication standards.
- The standards are intended to improve user security when interacting with dApps and to prevent users from phishing attacks.
- But if an attacker obtains one, they can circumvent the authentication procedure and potentially access sensitive data or steal assets.
App for cryptocurrency wallets Phantom added a Sign In With (SIW) capability to boost user security and prevent against phishing attacks.
According to a blog post published yesterday, Phantom will provide users with necessary information when they interact with decentralized apps (dApps) that adhere to certain security standards for Solana and Ethereum crypto users, such as Sign In With X (CAIP-122) and Sign In With Ethereum (EIP-4361).
By signing a message, these standards enable crypto accounts to securely authenticate with off-chain services. The new feature is an optional addition to Phantom’s range of security services that dApps can choose at their discretion.
Phantom will send a warning to users if a dApp implements a SIW format but contains invalid fields. To prevent signature replay attacks, the wallet will display pop-up fields that request information such as the domain name of the site and the nonce. These types of attacks can occur when an attacker intercepts a digital signature and then utilizes it to gain unauthorized access.
Digital signatures are intended to validate the legitimacy of transactions and messages, but if an attacker obtains one, they can circumvent the authentication procedure and potentially access sensitive data or steal assets.
The decision was made in response to growing concern about the vulnerability of generic sign-in messages, which can be intercepted by phishing attacks. The “Sign In With” standards are designed to remove the confusion in evaluating if a user is vulnerable to such phishing attacks.
Phantom believes that the decentralized web ecosystem will eventually fully embrace SIW standards as a chain-agnostic solution for generic sign-in messages and an alternative to centralized identity providers.
DISCLAIMER: The Information on this website is provided as general market commentary and does not constitute investment advice. We encourage you to do your research before investing.
Join us to keep track of news: https://linktr.ee/coincu