Comment on page
For secure access, Lambda requires hard authentication
Lambda stores zero passwords or usernames on the backend database. Given this fact, we ensure to perform hard authentication for each and every user each time that they login.
Your blockchain wallet is public and doesn't act so much as a password, tecnhnically anyone that possesses the right skillset could send a request, faking a wallet connection that is not theirs.
How do you know the user actually connected a wallet that belongs to them?
To ensure hard verification and that there is no foul play with the authentication when entering or interacting with the Lambda app, we make use of the core of what wallets are for, signing authorisation with your private keys, like you would during any real blockchain transaction!
- This doesn't mean you send your private keys - thats technically impossible.We use the signing functionality native in blockchains to sign a unique message so that we can verify the signature on the backend. This is called signed message authentication.
- For users with a ledger, it's a bit different: we create the smallest possible SOL transaction to yourself (no one else, you can verify this on the blockchain) - this way we can verify that it is you trying to login, as you just created that transaction and signed it with your wallet.
This is how we perform hard authentication for absolute security of access when using Lambda 2.0