Feature Idea - "Cardano Access"

Hi Guys, I got an Idea for the Cardano Project. As I unfortunately am not a Developer, I do not think this is something for Project Catalyst. If so, please feel free to propose it for a Vote.

What is it about?

“Cardano Access” is a Single Sign On Solution which provides very high security for the User. It is divided into 3 components: the “Cardano Access” App, an SSO Center in Daedalus and a Plugin to embed “Cardano Access” for Customers as a Third-Party Service (like SSO with Google, Apple etc.).

How does it work?

  1. If a Third-Party offers “Cardano Access” he can integrate it into his Shop or Website so Users can use it to let the User create an Account there and log in.

  2. Cardano Access lets the User save his credentials securely in Daedalus or rather on the Blockchain. The real Usernames, Passwords or Email addresses will be sent via a transaction to the chain and are bound to a unique QR Code.

  3. The Account is then visible for the User in the SSO Column of Daedalus. The real credentials or rather the QR Code bound to them is masked and not visible until it is unlocked.

  • To unlock the view to the credentials it is necessary to scan a QR Code bound to them with a trusted device (previously set up in Daedalus).
  • After scanning it the “Cardano Access App” asks you for the (previously set up) PIN.
  • The clear credentials are then visible and can be changed.
  4. If a User stores his credentials on Cardano the Third-Party-Provider gets a random anonymous E-mail, Password and Username assigned to their account. Emails are forwarded to the real email address and the Third-Party-Provider can interact with the user in a totally secure way without actually knowing the Data or Person behind them.

  5. If a User wants to log in to the Third-Party, he can use “Login with Cardano Access” and gets a unique QR Code to scan with his/her Access-App. The App of the trusted device will then ask if he or she wants to log in, like “Do you want to share your Credentials with Provider “FACEBOOK” to login?” If the User clicks yes the Account is being matched in the background and a transaction will be prepared to send in Daedalus -> Access Center -> Pending (See Screenshot below for an example). After confirming the transaction the Login will be processed.

What's the Daedalus Access Center?

The Daedalus Access Center is a specific column in Daedalus.

The small Icon on the left is where you can access it. When clicking it a modal appears with the mentioned flow to unlock the view to it (Scan QR Code -> Get Asked for PIN on trusted Device).

In there you find:

Dashboard - A DAILY Summary of all recent Login attempts, fails, no. of saved credentials and lots of other useful data.

Logins - An overview of all Logins -> Attempts, Fails, Successes plus the respective Website.

Pending - Check and confirm pending credential exchanges with websites

Manage Credentials - See and Manage all Credentials plus Websites and be able to add some for later use.

More - Add and manage a trusted device

What do you guys think? Would this work? Sorry for the grammar btw.

Thanks in advance for the feedback

1 Like

Ah just to add some additional benefits of a system like this:

  1. It is like a combination of Dashlane with an SSO like Apple Sign in combined

  2. As the real credentials are only on the Chain and are never transferred anywhere the system is very secure. The encrypted Credentials can have a lot of characters (more than a human could memorize) and still be used to log in.
    Example:

Username/Mail: wRJnft4d-?bt22kkk@cardano-access.de

Password: 50 Characters long

The User does not have to memorize anything once it is set in Daedalus.

  3. Practically unhackable without a trusted device, the PIN and the Wallet Password
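
The step where the Third-Party-Provider gets a random anonymous E-mail, Password and Username, together with the example address above, can be sketched as follows. This is an added example, not part of the original posts and not Cardano or Daedalus code: the `AliasVault` class, its method names and the sample provider names are hypothetical, storage is a plain in-memory dictionary rather than the chain, and how the sending provider is authenticated is assumed to be handled by the mail relay.

```python
import secrets
import string

ALIAS_DOMAIN = "cardano-access.de"  # domain taken from the example address in the post
PASSWORD_LEN = 50                   # length given in the post
_ALNUM = string.ascii_lowercase + string.digits
_PW_CHARS = string.ascii_letters + string.digits + "-_!?#%+="


class AliasVault:
    """Hypothetical user-side store: provider -> masked credentials, alias -> provider."""

    def __init__(self, real_email):
        self._real_email = real_email
        self._by_provider = {}
        self._forward = {}

    def enroll(self, provider):
        """Create masked credentials for one provider; repeated calls return the same record."""
        if provider in self._by_provider:
            return self._by_provider[provider]
        while True:  # regenerate in the unlikely case an alias already exists
            alias = "".join(secrets.choice(_ALNUM) for _ in range(16)) + "@" + ALIAS_DOMAIN
            if alias not in self._forward:
                break
        creds = {
            "username": "u_" + secrets.token_hex(8),
            "email": alias,
            "password": "".join(secrets.choice(_PW_CHARS) for _ in range(PASSWORD_LEN)),
        }
        self._by_provider[provider] = creds
        self._forward[alias] = provider
        return creds

    def route_inbound(self, alias, sender_provider):
        """Return the real mailbox for mail sent to an alias, or None to drop it.

        Assumption of this sketch: mail is forwarded only when the alias was
        issued to the provider that is sending, so an alias that leaked to
        another party does not reach the real address.
        """
        owner = self._forward.get(alias.lower())
        if owner is None or owner != sender_provider:
            return None
        return self._real_email
```

Because every value comes from `secrets`, the identifiers handed to two providers share nothing that would let them be linked to each other or to the real address.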