In a web3 product, a wallet is the user's identity. Despite this critical meaning of wallet, the most significant usability problem in web3 products is always wallet, wallet, and wallet. This wallet has a "Trillemma" - Security, Recoverines, and User Experience, and there has never been a product that satisfies all three.
Here, Meowauth aims to solve this uncomfortable trilemma by leveraging Flow's native multi-key account system to create the ultimate web3 authentication that can satisfy all of them.
So, how it works is simple. First, MeowAuth supports standard login methods like Google / Email / SMS login. As soon as the user logs in, we generate one as a custodial key in our server and the other in the user's device using Flow's one-account multi-key system. The user can register any device they want with MeowAuth through Biometric Auth.
Two keys are required to send the tx for 2FA security to sign the transaction. Here, the user's key on the Meowauth server, which is stored as a custodial key, will serve as an auto-sign, so the actual key authorization needed from the user side is the key from any registered device. Since you registered devices with Biometric Auth, you can sign easily and quickly the transaction using Face ID / Touch ID.
Initially, the current device authenticator had a fatal flaw because it was a single key that could not be recovered if the device was lost. However, by adding as many devices as you want, you can also take control of this issue.
If you feel secure with self-custody, it's up to you. Still, the user can revoke the custodial key from Meowauth and turn their wallet into self-custodial mode anytime.
More than that, by utilizing Flow's wallet linking system, Meowauth will assist in letting our users bring their wallets and link Meow's account to them. That way, you can quickly put your assets in a single wallet and take complete control of them to achieve true self-custody.
As a solo hacker, I needed more time to team up, so I had to work alone. I was totally out of resources, so I had to be efficient as possible. When learning about the new concept, I needed to become more familiar with Flow blockchain as I am only used to solidity. However, after deep diving into various developer docs released by the team and developers within the ecosystem, it was helpful to learn about Cadence quickly. Despite of different account structures of Ethereum, I am happy that I could finish making a demo of the new authentication system to better the previous user's experience.