NeoLogin is a web-based wallet solution that aims to provide a user-friendly, non-custodial service. The project is also designed to be easily integrated by NEO dApps, with the goal of providing a familiar, universal login experience for users.
The service works by onboarding users with a traditional email address and password combination. After signing up, a file containing the private key is generated and downloaded, with the user’s password being used to create an encrypted key.
This encrypted key is stored by NeoLogin for the user’s convenience; when it is ready to be used, it is downloaded and decrypted locally with the user’s password. As the server does not know the password or private key, it claims to be non-custodial, however, there are additional security considerations when compared to traditional standalone wallet applications.
Currently, each NeoLogin account will generate a single address. Any dApp or website that implements the NeoLogin service can allow users to use it as a login method and request action from the user through the NeoLogin implementation of the NEO dAPI standard.
To introduce the project, the team published a Medium post documenting the difficulties often encountered by those looking to use dApps or send cryptocurrencies. In particular, the team outlined the current requirement for a user to download a wallet application, learn about key management, and the risk of losing assets upon device loss or failure.
By providing users with a simple email and password login that can be used across multiple NEO dApps, NeoLogin aims to provide a universal solution with a lower barrier to entry for new users.
Users can create their own NeoLogin wallet on the official website, however, it should be noted that only a rudimentary wallet interface has been provided at this time. This is due to the team’s intention for it to be interacted with through the dAPI:
“This ‘wallet’ interface is not what NeoLogin is intended to be used as. NeoLogin’s main purpose is easy access to dApps, who will provide their own interface. If NeoLogin proves to be popular, we might build a stand-alone wallet interface as well.”
NeoLogin developers also provided a security analysis, outlining the various attack vectors associated with existing wallet solutions. Although the service is currently at risk of the three potential attacks, the team notes that the current implementation “trades security for convenience when compared with traditional wallets.”
In addition, NeoLogin outlines its goal to mitigate some of these risks in the future through the use of Trusted Execution Environments, which will reportedly require “substantial development effort.”