Wallet Authentication

Passwordless authentication using Solana wallet signatures

ALIAS uses wallet-based authentication, meaning you sign in with your Solana wallet instead of creating username/password accounts. This approach provides better security and seamless integration with the crypto ecosystem.

What is Wallet Authentication?

Wallet authentication uses cryptographic signatures from your Solana wallet to prove your identity.

How it works: Instead of typing a password, you click "Connect Wallet," approve a signature request in your wallet, and you're logged in. Your wallet proves you own the private key without revealing it.

Why it's better than passwords:

  • No passwords to remember or forget
  • No password reuse across sites
  • No password to phish (attackers can't steal what doesn't exist)
  • Cryptographically secure (wallet signatures use industry-standard cryptography)
  • Non-custodial (ALIAS never has access to your funds)

The simple version: Your wallet is your login. Connect wallet = sign in. Disconnect wallet = sign out.

Your Wallet is Your Account

ALIAS doesn't store user accounts in the traditional sense. Your wallet address IS your account. All your cards and data are associated with your wallet address.

How Wallet Auth Works (Simple Explanation)

Understanding the process helps you trust the system.

Step 1: Connect wallet - You click "Connect Wallet" and choose your wallet (Phantom, Solflare, etc.).

Step 2: Sign message - Your wallet asks you to sign a message proving you own this wallet address. This signature doesn't access your funds; it's just proof of identity.

Step 3: Verify signature - ALIAS checks that the signature is valid and was created by the wallet address you claim to own.

Step 4: Create session - ALIAS creates a secure session (like a cookie) so you don't have to sign every single action.

Step 5: You're logged in - You can now create cards, view your dashboard, and use ALIAS features.

Session duration: Sessions typically last 24 hours. After that, you'll need to reconnect and sign again.

Why ALIAS Uses Wallet Signatures

Traditional authentication doesn't fit crypto applications well.

Problems with passwords:

  • Users have dozens of passwords across different sites
  • Password reuse creates security vulnerabilities
  • Forgotten passwords require recovery mechanisms
  • Passwords can be stolen through phishing or database breaches
  • Two-factor authentication adds friction

Advantages of wallet auth:

  • Already have a wallet - Crypto users have wallets anyway
  • One credential - Your wallet manages everything
  • Can't forget - As long as you have your seed phrase, you have access
  • Hardware wallet support - Ledger users get maximum security
  • No central password database - Nothing for hackers to steal from ALIAS

Industry standard: Most crypto applications use wallet authentication. It's familiar to crypto users and aligns with Web3 principles.

Connecting Your Wallet

Step-by-step guide to signing in with your wallet.

Step 1: Install a Solana wallet - If you don't have one, install Phantom, Solflare, Backpack, or another Solana wallet extension in your browser.

Step 2: Navigate to ALIAS - Visit the ALIAS website and look for the "Connect Wallet" button (usually in the top right corner).

Step 3: Click "Connect Wallet" - A modal appears showing available wallet options detected in your browser.

Step 4: Choose your wallet - Click on your wallet (e.g., Phantom). The wallet extension opens.

Step 5: Approve connection - Your wallet asks for permission to connect to ALIAS. Click "Approve" or "Connect."

Step 6: Sign authentication message - Your wallet asks you to sign a message. This proves you own the wallet. Click "Sign" or "Approve."

Step 7: You're logged in - The dashboard appears and you can start using ALIAS.

Multiple Wallets

If you have multiple Solana wallets installed (like both Phantom and Solflare), you can choose which one to connect with. Each wallet creates a separate ALIAS account based on its address.

Session Management

How ALIAS keeps you logged in without constant signing.

What is a session? After you sign in, ALIAS creates a temporary session that lasts 24 hours. During this time, you can use the platform without re-signing.

How sessions work:

  • Signature creates an encrypted token (JWT)
  • Token is stored in a secure, HTTP-only cookie
  • ALIAS checks the token for each request
  • Token expires after 24 hours or when you disconnect wallet

Session security:

  • Cookies are HTTP-only (JavaScript can't access them)
  • Tokens are signed to prevent tampering
  • Sessions expire automatically
  • Disconnecting wallet immediately invalidates the session

Multiple devices: Each device has its own session. Logging in on your phone doesn't log you out on your laptop.

Manual logout: Click "Disconnect Wallet" to immediately end your session and sign out.
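
The session lifecycle described above (signed token, HTTP-only cookie, 24-hour expiry, disconnect ends the session, one session per device), as an added Node.js example that is not ALIAS's own code. The HS256 signing, the cookie name alias_session, the Secure and SameSite attributes and the in-memory revocation set are assumptions; only the signed part of the token is shown, not encryption.

```javascript
// Added example, not ALIAS code. Assumed: HS256-signed JWT, cookie name "alias_session",
// in-memory revocation set. Token encryption is not shown.
const crypto = require('node:crypto');

const SECRET = crypto.randomBytes(32); // demo key; load from a secret store in production
const TTL_S = 24 * 60 * 60;            // 24-hour session, as the page states
const revoked = new Set();             // ids of sessions ended by "Disconnect Wallet"
const b64u = (x) => Buffer.from(x).toString('base64url');
const mac = (data) => crypto.createHmac('sha256', SECRET).update(data).digest();
const HEAD = b64u(JSON.stringify({ alg: 'HS256', typ: 'JWT' }));

function createSession(address, nowS = Math.floor(Date.now() / 1000)) {
  const claims = { sub: address, jti: crypto.randomUUID(), iat: nowS, exp: nowS + TTL_S };
  const body = b64u(JSON.stringify(claims));
  const token = `${HEAD}.${body}.${b64u(mac(`${HEAD}.${body}`))}`;
  const cookie = `alias_session=${token}; HttpOnly; Secure; SameSite=Strict; Path=/; Max-Age=${TTL_S}`;
  return { token, cookie };
}

// Returns the claims for a valid, unexpired, unrevoked token, otherwise null.
function readSession(token, nowS = Math.floor(Date.now() / 1000)) {
  const [head, body, sig, extra] = String(token).split('.');
  if (head !== HEAD || !body || !sig || extra !== undefined) return null; // fixed header only
  const given = Buffer.from(sig, 'base64url');
  const expected = mac(`${head}.${body}`);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) return null;
  const claims = JSON.parse(Buffer.from(body, 'base64url').toString());
  if (!(nowS < claims.exp) || revoked.has(claims.jti)) return null;
  return claims;
}

// "Disconnect Wallet": a signed token stays valid until exp unless the server remembers it ended.
function disconnect(token) {
  const claims = readSession(token);
  if (claims) revoked.add(claims.jti);
  return claims !== null;
}
```

With more than one server, the revocation set would live in a shared store, and an entry can be dropped once its exp has passed.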

What You're Signing

Understanding the signature request helps you verify it's legitimate.

The message format: When you connect, you sign a message that looks like: "Sign this message to authenticate with ALIAS. Nonce: [random number] Timestamp: [current time]"

Why this specific message?

  • Identifies the site - You know you're signing in to ALIAS
  • Includes nonce - Random number prevents replay attacks
  • Includes timestamp - Prevents old signatures from being reused
  • No transaction - Signing doesn't move funds or approve anything on-chain
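
The "Verify signature" step from "How Wallet Auth Works" together with the nonce and timestamp checks listed above, as an added server-side Node.js example that is not ALIAS's own code. It assumes a hex nonce, a Unix-millisecond timestamp, a 5-minute freshness window, an in-memory nonce store, and a wallet that signs the raw UTF-8 bytes of the message; the page does not specify these.

```javascript
// Added example, not ALIAS code. Assumed: hex nonce, Unix-ms timestamp, 5-minute window, in-memory store.
const crypto = require('node:crypto');
const B58 = '123456789ABCDEFGHJKLMNPQRSTUVWXYZabcdefghijkmnopqrstuvwxyz';
const SPKI_ED25519 = Buffer.from('302a300506032b6570032100', 'hex'); // DER header for a raw key
const MAX_AGE_MS = 5 * 60 * 1000;
const issued = new Map(); // nonce -> address it was issued to
function b58encode(buf) {
  let n = BigInt('0x' + buf.toString('hex')), out = '';
  while (n > 0n) { out = B58[Number(n % 58n)] + out; n /= 58n; }
  for (const b of buf) { if (b !== 0) break; out = '1' + out; }
  return out;
}

// Solana address -> 32-byte Ed25519 public key; null if malformed or non-canonical.
function addressToKey(address) {
  if (!/^[1-9A-HJ-NP-Za-km-z]{32,44}$/.test(address)) return null;
  let n = 0n;
  for (const c of address) n = n * 58n + BigInt(B58.indexOf(c));
  const hex = n.toString(16).padStart(64, '0');
  if (hex.length !== 64) return null;
  const raw = Buffer.from(hex, 'hex');
  return b58encode(raw) === address ? raw : null; // one spelling per account
}

function issueChallenge(address, now = Date.now()) {
  const nonce = crypto.randomBytes(16).toString('hex');
  issued.set(nonce, address);
  return `Sign this message to authenticate with ALIAS. Nonce: ${nonce} Timestamp: ${now}`;
}

function verifyLogin(address, message, signature, now = Date.now()) {
  const m = /^Sign this message to authenticate with ALIAS\. Nonce: ([0-9a-f]{32}) Timestamp: (\d+)$/.exec(message);
  if (!m) return 'bad-format';
  if (issued.get(m[1]) !== address) return 'unknown-nonce'; // never issued, used, or other wallet
  if (Math.abs(now - Number(m[2])) > MAX_AGE_MS) return 'stale';
  const raw = addressToKey(address);
  if (!raw) return 'bad-address';
  const key = crypto.createPublicKey({ key: Buffer.concat([SPKI_ED25519, raw]), format: 'der', type: 'spki' });
  if (!crypto.verify(null, Buffer.from(message), key, signature)) return 'bad-signature';
  issued.delete(m[1]); // single use: replaying the same signature now fails
  return 'ok';
}
function demo() { // constructed input: a throwaway key pair stands in for the wallet
  const { publicKey, privateKey } = crypto.generateKeyPairSync('ed25519');
  const address = b58encode(publicKey.export({ format: 'der', type: 'spki' }).subarray(12));
  const msg = issueChallenge(address);
  const sig = crypto.sign(null, Buffer.from(msg), privateKey);
  return [verifyLogin(address, msg, sig), verifyLogin(address, msg, sig)]; // second call is a replay
}
```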

What it does NOT do:

  • Access your funds
  • Approve transactions
  • Give ALIAS control of your wallet
  • Allow ALIAS to sign transactions on your behalf

Safety check: Always read the message before signing. It should clearly say "authenticate with ALIAS" or similar. Never sign messages that request fund access or unusual permissions.

Only Sign for ALIAS

Only sign authentication messages when connecting to official ALIAS domains. Phishing sites may try to trick you into signing malicious messages. Always verify the URL.

Security Features

How wallet auth protects your account.

Cryptographic signatures: Uses the same cryptography as Solana transactions. Mathematically secure and industry-proven.

No password database: ALIAS doesn't store passwords, so there's no password database for hackers to breach.

Non-custodial: ALIAS never has access to your private keys or funds. We only verify signatures; we can't sign on your behalf.

Session encryption: Session tokens are encrypted and signed to prevent tampering.

Automatic expiration: Sessions expire after 24 hours, limiting the window for session hijacking.

Hardware wallet support: Ledger users can use their hardware wallet for maximum security—private keys never leave the device.

Using Multiple Wallets

How ALIAS handles multiple wallet addresses.

Separate accounts: Each wallet address creates a separate ALIAS account. Cards created with one wallet won't appear when logged in with another wallet.

Why separate? Privacy and organization. You might want separate wallets for personal vs. business cards, or for privacy purposes.

Switching wallets: Disconnect current wallet and connect a different one to switch accounts.

Viewing all cards: There's no "master account" that shows cards from all wallets. Each wallet only sees its own cards.

Privacy benefit: Separate wallets mean separate identities on-chain. Use this for compartmentalization and privacy.

Common Issues & Solutions

Wallet not detected

ALIAS doesn't see your wallet extension.

Solutions:

  • Install a Solana wallet extension (Phantom, Solflare, etc.)
  • Refresh the page after installing
  • Ensure wallet extension is enabled in browser settings
  • Try a different browser

Signature request doesn't appear

Wallet doesn't show the signature popup.

Solutions:

  • Click the wallet extension icon manually to open it
  • Check if wallet is locked—unlock it
  • Ensure pop-ups aren't blocked for ALIAS website
  • Refresh page and try connecting again

Session expired

You're logged out unexpectedly.

What happened: Your 24-hour session expired or you disconnected wallet.

Solution: Click "Connect Wallet" again and re-sign.

Wrong wallet connected

You connected with the wrong wallet address and see different cards (or no cards).

Solution: Disconnect wallet and reconnect with the correct one. Each wallet has its own set of cards.

Can't access old cards

You changed wallets or lost access to your original wallet.

Unfortunately: Cards are tied to wallet addresses. Without access to the wallet that created them, you can't view card details. This is why wallet backup (seed phrase) is critical.

Best Practices

Wallet security:

  • Back up your seed phrase - Lose wallet = lose access to cards
  • Use hardware wallet (Ledger) for high-value cards
  • Don't share seed phrase with anyone
  • Keep wallet software updated

Session security:

  • Don't stay logged in on shared/public computers
  • Disconnect wallet when done using ALIAS
  • Clear browser data on public computers
  • Use private/incognito mode on untrusted devices

Privacy:

  • Use separate wallets for separate purposes
  • Don't link wallet to your real identity if privacy is important
  • Consider using privacy protocol for anonymous card creation
  • Be aware wallet address is public on blockchain

Comparison with Traditional Auth

Understanding the differences helps you appreciate wallet auth.

Traditional (username/password):

  • Pros: Familiar, widely understood
  • Cons: Password fatigue, phishing risk, database breaches, forgotten passwords

Wallet authentication:

  • Pros: No passwords, cryptographically secure, no password to phish, non-custodial
  • Cons: Lose wallet = lose access, less familiar to non-crypto users

Which is better for ALIAS? Wallet auth fits the crypto ecosystem perfectly. Users already have wallets, and it aligns with blockchain's trustless principles.

Web3 Standard

Wallet authentication is the standard authentication method in Web3 applications. If you use other crypto apps, you're already familiar with this flow.

Your Wallet, Your Account

Remember: Your wallet address is your account. Back up your seed phrase and keep it safe. Without wallet access, you can't view your cards.