From what I have researched, it seems that all of the methods for allowing a user to signup and login for an Ethereum dapp are very cumbersome for the user to use. What are the best practices to allow signup and login that match the following criteria:
-
The method for signup and login should not be cumbersome; ie: simple
as normal methods of username/password or facebook and google oauth. -
The method for signup should not charge the user any ethereum (gas)
– taking someone's money just to signup would put off most people. -
The method of signup and login should not make the user jump through
hoops such as,
a) entering email
b) downloading a mobile app
c) entering a wallet address
d) waiting for authentication confirmation
e)entering a code back on the signup screen, etc. -
Extra software like MetaMask or Mist should not be required. (Maybe this is not possible?)
The goal here is to remove as many hurdles as possible to get users to the dapp.
Best Answer
AFAIK it's always easy and good to use the PGP key mechanism for user authentication in DAPPs built using Ethereum. It's possible to use the account address as the username and to let the user sign some data with his private key to verify. This article might help you in the process.
To make it easy for users, you can let users to store their private key on client's side (eg: embed it with app they use once registered etc. - make sure to notify user to keep the private key stored, if in any case app is uninstalled)
UPDATE : As discussed in the comments below, If you want to go for a traditional user account system use a traditional user table with usernames associated with an account address and to connect to the ethereum network use web3.js (refer this question) - However this is again going for a trusted third party mechanism.