Lightning login app - good or bad idea? \ stacker news ~bitcoin

1693 sats \ 43 comments \ @TheGrape 5 Dec 2022 bitcoin

Lnurl-auth, signing in with lightning, is a super nice feature!

Me and a few friends discussed that having a dedicated lnurl-auth app would be a great way to increase usage of this feature, because to download and understand a full lightning wallet just to sign in with lightning is a bit clunky and can be a big barrier for new users.

What do you guys think? Could a dedicated lnurl-auth app accelerate adoption of login with lightning?

We made an mvp of this idea. Try it out! You can use it to sign in on any lightning enabled site, such as https://lnmarkets.com/en or https://stacker.news/

step 1 - download Get In (good or bad name?)

step 2 - go to a lightning enabled website (such as https://stacker.news/)

step 3 - scan the QR code on the login with lightning section with the Get In app

step 4 - Accept

You are logged in! You don't need to be a lightning expert to login with lightning.

App Store: https://apps.apple.com/app/get-in/id6444308828

Google Play: https://play.google.com/store/apps/details?id=com.getin

The app is free and open source https://github.com/GetIn-id/GetIn

view all related items

7 sats \ 0 replies \ @grayruby 5 Dec 2022

Yes great idea.

11 sats \ 0 replies \ @gandlaf21 5 Dec 2022

@dolu made something similar i think

https://github.com/zerologin/zerologin-mobile

31 sats \ 0 replies \ @02d6987ce2 5 Dec 2022

Nice work! Definitely a useful addition to the ecosystem

11 sats \ 2 replies \ @itsybitsybtc 5 Dec 2022

For now, good idea. This will be another nice tool to help onboard people to what it is like using Lightning. In fact, I think it is great how it shows the power of Bitcoin without anyone having to actually buy any. I think it drops the barrier a lot.

Your name is ok. I'm not sure I am going to find myself saying "Go get get in".

Longer term, I think this is unnecessary. At some point, Apple, Google, Samsung, Huawei et all will be forced to support Bitcoin custody natively on their devices. That should evolve directly to lnurl-auth support.

21 sats \ 0 replies \ @TheGrape OP 5 Dec 2022

Thanks for the feedback!

If we come to that future maybe some people will still value an open source solution. Even if not, it would still have been worth it just to have onboarded users to bitcoin and lightning!⚡️

0 sats \ 0 replies \ @peterzion 6 Dec 2022

AND TEACH THE FILIPINOS FOR GOD'S SAKE! YOURE TOO CONCENTRATED ON YOUR RACE!

11 sats \ 1 reply \ @dtonon 5 Dec 2022

I think this is a good idea!

LN tech has and will have a lot uses, we should not necessary pack them all together.

Have an indipendent vertical login app make sense because every record (wallet) can have additional infos (like you did) and a separation of money/logins could also be welcomed from a security/privacy point of view.

I sugget to find a in-app way to promote the money side, for example with an informative section, a selection of resources/wallets and some ideas on how to to manage identities and wallets, with pro and cons, in a unique app or with multiple tools.

6 sats \ 0 replies \ @TheGrape OP 5 Dec 2022

Exactly our thought! Some users might be sceptical about payments with bitcoin, especially in the beginning, but they might still be interested in authentication. This could be a "gateway drug" to the ecosystem for sceptics.

That's good suggestions. Thanks for the feedback!

11 sats \ 9 replies \ @mf 5 Dec 2022

Can I connect your app to my node?

Downloading bluewallet (for example) seems simple enough for a non-expert, so I'm curious to know your thoughts on what led you to build this one.

1 sat \ 8 replies \ @TheGrape OP 5 Dec 2022

We just pushed an update where users can import their mnemonic to the app. You are able to have the same mnemonic on Get In as in your current lightning wallet at the same time, so you can log into the same account from several devices.

51 sats \ 7 replies \ @tbk 5 Dec 2022

I appreciate the effort to spread knowledge of lnurl-auth, however, do you think there is a problem importing seeds into "random" apps?

A wise man once said we should not normalize making people type seeds (BIP39) into text boxes. And I wholeheartedly agree.

In https://lnpass.github.io (shameless self-promote, I am sorry) the secret is presented as bech32 encoded string. Would you think this is a good approach for you app as well?

11 sats \ 6 replies \ @TheGrape OP 5 Dec 2022

Hmm I never really thought about that as a problem...

What kind of problems could it cause?

1 sat \ 5 replies \ @gandlaf21 5 Dec 2022

the seed is meant to be stored in a safe place. preferably not on a device connected to the internet if on a device at all. Typing it into an app defeats it's purpose, no? I guess the problem it could cause is the seed can be spoofed and the funds sweeped from the source. This applies only to sources that have funds in the first place though, which is not needed for this app to work. So i guess a warning to the users might do the trick?

54 sats \ 4 replies \ @dtonon 5 Dec 2022

@tbk:

A wise man once said we should not normalize making people type seeds (BIP39) into text boxes. And I wholeheartedly agree.

@rolarium:

he seed is meant to be stored in a safe place. preferably not on a device connected to the internet if on a device at all. Typing it into an app defeats it's purpose, no?

Security through obscurity is not a solution

A private key is a private key, regardless of format, should be managed with caution. I think that we should educate about that, otherwise the user will keep the seed on steel in the safe and then will share the bech32 private key thinking that a qrcode cannot harm. The key point is evaluate the risks and decide if the specific private key can be imported in a hot wallet/service. And the value is not only economic: perhaps for example could be "safe" to share a hot wallet private key with few sats but not the one that manages my identity on a social network.

0 sats \ 3 replies \ @tbk 5 Dec 2022

Completely agree with what you are saying.

However, in this case, I think this is a UX issue, not a "security by obscurity" issue. One could argue that a mnemonic seed is also a different representation of a seed, just like the bech32 representation, would you agree?

1 sat \ 2 replies \ @dtonon 5 Dec 2022

I absolutely agree. For this exact reason (different representation of a seed) I think we cannot demonize the menmonic preferring other formats.

So I cannot understand why "the secret is presented as bech32 encoded string" should be a preferred solution against a mnemonic seed (aside from the fact that you share a single private key insterad a bip39 master key, but here we are talking about formats and UX, not keys tipology).

Perhaps I misunderstood something?

view replies

10 sats \ 0 replies \ @selfish_gene 5 Dec 2022

круто. новинка без регистрации...

10 sats \ 18 replies \ @DarthCoin 5 Dec 2022

So you practically want to centralize something that is already decentralized... right.

11 sats \ 16 replies \ @dtonon 5 Dec 2022

Why centralized? I didn't dig the code, but it just seems a specialized wallet that support lnurl-auth, relieved of monetary functions.

Let's embrace a bit of positivity :)

10 sats \ 15 replies \ @DarthCoin 5 Dec 2022

Why would I go to use a random server that can generate a ln-auth key for me, when I can easily generate my own. Nowadays we have so many sovereign apps that can do that, without any 3rd party involved.

Just take a look here how many apps already offer LN-auth. Apps that users already used. https://github.com/lnurl/luds

Just another example: I can use my own LNbits to generate endless LN wallets that I can sign LN-auth.

12 sats \ 9 replies \ @TheGrape OP 5 Dec 2022

You are right, there are several wallets which can do lnurl-auth and more. If you are already using them then this app is quite useless for you, unless you want to separate payment and authentication.

Our thesis is that some users are skeptical about paying with bitcoin, but might be very interested in authentication without passwords. By spreading the use of lnurl-auth we might be able to win over many skeptics when they experience the technology first hand.

11 sats \ 8 replies \ @jk_14 5 Dec 2022

The only thing to do now is to convince all the web services around the world to use lnurl-auth as one of login method :)

1 sat \ 7 replies \ @TheGrape OP 5 Dec 2022

Yep, we are on it!⚡️

20 sats \ 6 replies \ @brxyz 5 Dec 2022

This leads to my question. The platforms using lnurl-auth are not where Bitcoin skeptics are spending their time. What are you doing to expand it to other platforms?

1 sat \ 5 replies \ @TheGrape OP 5 Dec 2022

We are going to develop a "business side platform" which makes it super easy to add "Login with Get In" to their service.

The motivation for a non bitcoin business to add it could be to attract more users with a smoother login and registration process. And it could also attract bitcoiners to their service which also leads to new users.

What do you think could make businesses interested in adding this login option?

view replies

11 sats \ 1 reply \ @rahim1971 5 Dec 2022

This does not use a "random sever". Unless I am missing something?

1 sat \ 0 replies \ @TheGrape OP 5 Dec 2022

ye it just runs the bip32 and bip39 protocol locally on the device

0 sats \ 2 replies \ @dtonon 5 Dec 2022

random server

Which random server?

Just take a look here how many apps already offer LN-auth. Apps that users already used. https://github.com/lnurl/luds

So cannot someone create a new one? Aren't anymore in the build mantra? :)

All the listed app are "monetary" wallet with support LN-Auth, this app aims to manage a specific use case removing the economic stuff, and I think can be useful in some areas don't mix ID and money.

0 sats \ 1 reply \ @DarthCoin 5 Dec 2022

Anybody is free to build any app. I am just saying that is useless to have a dedicated app just for LN-auth when I can use any other LN wallet for that. And as I said: with a LNbits instance (my own instance) I can have millions of different LN-auth, not just one, centralized in one app, with one identity.

Creativity doesn't mean is automatically useful.

0 sats \ 0 replies \ @dtonon 5 Dec 2022

I think you haven't any right to decretate if something is useful in general :)

For example a similar app, for me, is useful because I can split the money context from the login one. Then a login only app has less code, so less attack surface and can be audited easier. As said can extend the login record with useful data (for example alternative method access, a login history, etc.) that you hardly find in a standard wallet.

It's wonderful if you are happy with your LNbits instance, perhaps someone else could prefer a simpler/different/specialized solution. The market chooses, right?

Criticism doesn't mean is automatically useful.

PS: You forgot to reply about the server matter

1 sat \ 0 replies \ @TheGrape OP 5 Dec 2022

It's non custodial.

The private key is only saved on the device, and with the new update which we pushed today, users are able to import their mnemonic from another wallet, allowing you to sign in to the same account from multiple devices and wallets.

0 sats \ 0 replies \ @peterzion 6 Dec 2022

AND YOU DON'T EVEN ANSWER QUESTIONS!

0 sats \ 1 reply \ @peterzion 6 Dec 2022

Sign-in or not as long as your a Filipino it doesn't woRk...Why is these Lightcoin or Bitcoin so biased only for the English-Speaking People?And why are there no live chats to ask real questions for these ENGLISH-CONCENTRATED-(CHOSEN LANGUAGE ONLY) COMPLICATED THINGS?WHY DO YOU HAVE TO MAKE IT ALL SO COMPLICATED AND CONFUSING?!

0 sats \ 0 replies \ @TheGrape OP 6 Dec 2022

Why doesn't it work if you are a Filipino? The app is available worldwide.

Or is it because of language barriers? We are planning to translate the app into more languages, but we just haven't found time for it yet. It's on our todo list 🛠

0 sats \ 0 replies \ @faithandcredit 6 Dec 2022

I think this way of signing in has a future but not sure it will be lnurl-auth that will 'win' this market. But let's see!

0 sats \ 0 replies \ @Jon_Hodl 5 Dec 2022

I personally welcome anything that is built on open standards.

I can't stand trying to restore Google Auth or Authy on a new device.

Plus, it's just one more use case for lightning.