MetaMask Now Allows Login via Google and Apple Accounts

New feature brings convenience, but it's not the best solution for storing your cryptocurrencies.

MetaMask, the most famous Ethereum wallet on the market, announced on Tuesday (26) that its users will be able to create new wallets using their Google and Apple accounts. The goal is to offer a simpler experience for new investors, so they don't have to worry about backing up seed phrases.

Many users praised the feature on social media. However, it's important to note that there are some dangers with these social logins.

MetaMask Launches Feature That Allows Login via Google and Apple Accounts

The experience for cryptocurrency investors has improved significantly since the creation of Bitcoin. For example, in the early years, it was necessary to save long private keys. Later, 12 or 24-word seed phrases were introduced, which are much easier to store and interpret.

Now, MetaMask has revealed that its users can create wallets using Google and Apple accounts.

"You can now use your Google or Apple ID to create a MetaMask wallet and log in with one click," MetaMask wrote. "Creating, restoring, and accessing wallets is now easier than ever."

In their blog, the developers note that "crypto doesn't have to be complicated" and that creating, backing up, and restoring a wallet has become easier than ever.

"Traditionally, you need a 12-word Secret Recovery Phrase (SRP) to manage non-custodial crypto wallets," MetaMask wrote. "This method gives you more control and security over your digital assets than traditional financial accounts. But keeping track of your SRP can be a chore."

"Social login simplifies the wallet creation and management process."

In addition to the login, the user will also need to provide an additional password, increasing security. However, MetaMask warns that funds will be lost if the user loses this password.
In other words, the password provides extra protection against the compromise of Apple and Google accounts, but just like the 12 words, it cannot be lost.

Developers Give Details About Social Login Security

In a separate, more technical article, MetaMask developers published a longer explanation for users concerned about the security of this social login method. In short, the company states that the keys will be hosted online but will be encrypted in such a way that the seed phrase is only exposed on the user's computer.

"MetaMask's social login uses a cryptographic primitive called a “Threshold Oblivious Pseudorandom Function” (TOPRF), along with a distributed key management protocol, to ensure you remain in custody of your tokens while offering a high level of protection against attacks and failures," the developers explained.

"The feature is designed to be self-custodial. The only instance where a complete SRP exists is on your device, after successful authentication with your login and password."

When the SRP is backed up, it is stored on the MetaMask backend as encrypted ciphertext. The encryption key is split between multiple key part holders using Shamir Secret Sharing (SSS). No single party (neither MetaMask, nor data storage, nor Google or Apple), besides you, can reconstruct the SRP in plain text.

The SRP is obtained in a 2/2 system: by authenticating with the selected login provider (Google or Apple) and providing the correct password.

Convenience Also Has a Price to Pay

Social login can be useful for keeping hot wallets with low values, which the investor accesses frequently to perform transactions. However, traditional self-custody with cold storage is still the safest method for storing large amounts. After all, it's not that difficult to write 12 words on a piece of paper and store it in a safe place.
Explaining the risks, MetaMask points out that "if a number of holders above the threshold are compromised, the attacker obtains the OPRF key, but still needs to brute force the password to derive the correct encryption key."

In the case of Google or Apple accounts being compromised, the developers note that the hacker would still need to guess the password (which is easy if it's an already compromised and reused password).

"The number of password guessing attempts is limited due to the rate restriction on the server side," the company highlighted.

Another problem would be forgetting or losing the password, which may happen more often than losing the 12 words, since users will keep it in their heads.

"The use of password managers and local keys protected by biometrics can help reduce the risk of password loss or theft, but there is still a strong dependence on the password. This is the trade-off for maintaining self-custody, so make sure to keep your password and devices safe! We hope this introduces a more convenient path to create and restore your wallets."

Finally, other risks are linked to Apple or Google. For example, they can ban a user or end support for this service. While these scenarios seem unlikely, this week a user went through a similar problem with another wallet and with a Facebook login.

"I tried to log in to my account via the website and was taken to a screen that 'requires' me to log in via Facebook, but Facebook no longer supports third-party logins," an investor reported.

Therefore, as mentioned above, it is easier to write down your twelve words, unless you have a good excuse to give up full control of your funds.

Finally, it is worth noting that MetaMask launched its own stablecoin this week, mUSD. Therefore, it is possible that the new feature that facilitates login and backup is focused on the general public, especially Americans, due to the Genius Act.
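The split-key design and the threshold-compromise scenario described above, as an added example that is not MetaMask's code: a toy Shamir split of a PRF key over GF(2^127 - 1), with HMAC-SHA256 standing in for the OPRF and its blinding step left out. The 3-of-5 threshold, the passwords and all function names are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

P = 2**127 - 1  # Mersenne prime: the field for this toy Shamir scheme

def split(secret, n, t):
    """Split secret into n shares; any t of them reconstruct it."""
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(t - 1)]
    shares = []
    for x in range(1, n + 1):
        y = 0
        for c in reversed(coeffs):  # Horner evaluation of the polynomial mod P
            y = (y * x + c) % P
        shares.append((x, y))
    return shares

def reconstruct(shares):
    """Lagrange interpolation at x = 0 over GF(P)."""
    secret = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i != j:
                num = num * (-xj) % P
                den = den * (xi - xj) % P
        secret = (secret + yi * num * pow(den, -1, P)) % P
    return secret

def encryption_key(prf_key, password):
    """HMAC-SHA256 stands in for the OPRF output (assumption, no blinding)."""
    return hmac.new(prf_key.to_bytes(16, "big"), password.encode(),
                    hashlib.sha256).digest()

def demo():
    prf_key = secrets.randbelow(P)              # constructed sample key
    shares = split(prf_key, n=5, t=3)           # assumed 3-of-5 holders
    expected = encryption_key(prf_key, "correct horse battery")
    # Threshold shares + right password: the key that decrypts the backup.
    ok = encryption_key(reconstruct(shares[:3]), "correct horse battery")
    # Threshold shares + wrong password: a different, useless key.
    bad_pw = encryption_key(reconstruct(shares[2:5]), "hunter2")
    # Below threshold: interpolation does not yield the PRF key at all.
    short = reconstruct(shares[:2])
    return ok == expected, bad_pw == expected, short == prf_key

if __name__ == "__main__":
    print(demo())
```

Once a threshold of holders is compromised, the password is the only remaining secret, which is why its strength and uniqueness decide how well the backup holds up.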