Blockchain isn’t ready for logins (yet)

Perhaps unsurprisingly, the internet login system is essentially as old as the internet itself. In the 1960s and 1970s, as the first computer networks took shape, so too did the need for user authentication. ARPANET, the predecessor to today’s internet, implemented the first formal login systems when it began operations in 1969. These pioneering systems required users to input a username and password to access network resources, something billions of people would do trillions of times in the years since.

With the dawn of the World Wide Web in the early 1990s, web-based logins quickly became a staple, providing a gateway to personalized digital experiences. Yet, these early forays into user authentication were often marred by shockingly lax security standards. Many developers at the time saw little issue in storing passwords as plain text or—astonishingly—embedding them directly within HTML code.

As the internet matured, so too did our approach to login security. The introduction of server-side scripting languages like PHP in the mid-1990s allowed for more secure password storage and verification. Encryption and hashing algorithms became standard practice, and two-factor authentication emerged as an additional layer of security.

Despite two-factor authentication and password managers, and despite the leaps and bounds made in other aspects of our digital lives, the basic username-password combo has stuck around like an unwanted party guest.

The Scale of the Login Challenge

Enter blockchain — or not. Because despite blockchain making leaps and bounds in industries from healthcare to logistics, logins are one area where distributed ledger technology (DLT) hasn’t proven useful.

Ok, so let’s talk about why. For context, LastPass conducted a survey that stated that the “average user has ~70 passwords to manage, and that users could log in 20-30 times per day.”  NordPass, in a similar survey stated that “average users spend about 15 minutes of each day logging in and out of accounts.” At 30 seconds to 1 minute per login, that means NordPass’s survey would imply roughly 15-30 logins per day.

To be conservative, let’s assume the lowest number here — 15 logins per day.  The world has a population of 8 billion people, of which 85% have access to smartphones, which could be a proxy for access to technology where logins are required.

Therefore, a super rough estimate of logins across the entire world per day is .85 x 8 billion x 15 logins, which equates to ~102 billion logins a day, or 1.2 million per second.

The Cost and Scalability Problem

Ethereum, one of the most popular blockchain platforms, can handle only around 6 zero-knowledge proof verifications per second. For blockchain to singularly replace traditional login systems, we would need the capacity of nearly 200,000 Ethereum-like blockchains working simultaneously — and that’s before we account for other transactions that happen on these networks. Simply put, blockchain in its current form lacks the scalability to manage even a fraction of the world’s daily authentication demands.

But capacity isn’t the only problem. The cost of verifying logins on a blockchain like Ethereum could be extremely high.  As a base case, let’s assume that the cost in gas units per login is the absolute minimum cost per transaction on Ethereum which is 21,000 gas units  For reference, right now, Ethereum is priced at $2,400 per ETH. Let’s break it down.

Assume that one gas unit on Ethereum costs 5 gwei, and 1 gwei equals 1/1,000,000,000 ETH. This means 240 million login verifications, each using 21,000 gas, would cost around $60.5 million per day, with Ethereum priced at $2,400 per ETH.

And to top it off, all that cost would be burnt on Ethereum, meaning no one in the network would earn any revenue from it.

This is not sustainable.

Logins simply can’t cost as much as verifying a transaction on a public ledger. The decentralization of blockchain, while offering great security and transparency bonafides, comes with a financial premium that makes it impractical for something as mundane yet ubiquitous as logging in to your favorite website.

Squaring the Circle

Still, zero-knowledge proofs (ZKPs) offer a glimmer of hope in an otherwise bleak landscape. ZKPs allow users to prove their identity without revealing any sensitive information — a far cry from today’s world, where personal data is scattered across thousands of databases, each a potential target for hackers. In theory, blockchain-powered logins using ZKPs could usher in a new era of privacy, one in which passwords and usernames are relics of the past.

But theory and practice rarely align so neatly. While ZKPs may solve some privacy concerns, they introduce other issues, namely the need for significant computational resources and the current high cost of verifying these proofs.

As mentioned earlier, Ethereum struggles with these demands, and while other blockchains like zkVerify are working to drive down costs dramatically, the technology is not quite ready for widespread deployment. And then there’s the challenge of user experience. Most internet users aren’t cryptography experts, so any new system needs to be as seamless as the current, albeit flawed, username-password combination.

UX issues shouldn’t be sniffed at either. Just because something is technically superior, it doesn’t necessarily mean it’ll be widely adopted (take the Linux OS as a great example). The industry must combine both if it is to succeed.

While logins shouldn’t carry any direct costs, they often do, hidden in the services we use. Worldcoin offers a blockchain-based login solution using retina scans to authenticate users with zero-knowledge proofs, verified on the Optimism blockchain. Although this process costs just $0.0033 per login, when scaled to 240 million logins per day, the expense reaches an unsustainable $800,000 daily.

While this is a 98.5% reduction compared to Ethereum, the system operates on a different, more centralized layer, trading off decentralization for scalability. In contrast, cloud services like AWS Cognito offer a much cheaper alternative, costing $0.0025 per user per month, making the blockchain option 98.5% more expensive. Clearly, blockchain logins have room for improvement.

So, where does that leave us? Blockchain has the ingredients to disrupt logins, if not a clear recipe to get it done. As advancements in cost efficiency and scalability—such as zero-knowledge-powered Layer 2 solutions—continue to develop, we could be approaching a tipping point. While blockchain-based systems currently struggle to compete with the low-cost, high-speed infrastructure of cloud providers like Amazon and Google, the scales are tipping in its favor.

Mentioned in this article