file icon

What are Personas (and Identities)?

Personas are a way of creating easy, passwordless logins for Web3.0 dApp websites, as well as a way for users to selectively share their personal data with websites.

Personas are created in the Radix Wallet, and each time you need to login to a dApp on Radix, you select the Persona you want to use. Each Persona has its own name and can include data that you might want to share with websites, like your email address, phone number, or mailing address. You can use one Persona everywhere, or you might want to use a different Persona in different places at different times – it’s up to you.

The way that Personas are used to login to websites takes advantage of the features of the Radix Network. Each Persona is associated with something on the Radix network called an Identity (a type of component). An Identity is similar to a Smart Account, but it can’t hold tokens. However, it still has all of the nice multi-factor control and recovery features of Smart Accounts. The Identity doesn’t contain any of your personal data from your Persona – it’s completely anonymous. However, when you connect to a website, the Radix Wallet can sign a message called a “challenge” that only the owner of the Identity can produce. This means that the website can receive the challenge, look at the corresponding Identity on the Radix network, and verify that you are really the owner of that Identity. If so, the website can log you in – automatically and without you ever entering a password.

The Persona/Identity concept is similar to something called PassKeys, currently being supported by Apple, Google, Microsoft, and others. Their goal is also to eliminate passwords from logins, using cryptographic “challenges”. However, in their system they have no Radix network and so they have no decentralized way of recovering access to a PassKey if, for example, you lose your phone that was holding the key. Instead, the keys are backed up to Apple’s, Google’s, or Microsoft’s servers. Not very Web3.0.

After you login with a Persona (and, behind the scenes, its associated Identity), a website might need to get some information from you. Maybe it needs to get your mailing address to ship you something.

In Web2.0, a website like Amazon.com stores your mailing address on their servers so that you don’t have to type in your address every time you buy something. That improves the user experience, but once that information is stored on their servers, it becomes very tempting for Amazon to use it in other ways that maybe you’re not so interested in. Also, storing user data creates a huge legal responsibility that can be expensive and risky for a company that’s not as big as Amazon.

In Web3.0, we would like to eliminate the common pattern of every website storing our personal data. With Personas, we can do it. If a website wants a piece of personal data associated with the Persona you’re using, it requests it from the wallet. The wallet will ask your permission to provide that information – and will remember that permission in the future. Now a website can ask for your mailing address, use it for what’s necessary, and then immediately forget it because it knows that it has the permission to ask the wallet for it again in the future. Now there’s no excuse for Web3.0 Amazon to keep your data on its servers, and the small website creator doesn’t have to store a risky payload of user data to provide a good user experience. And in the Radix Wallet, you can cancel these permissions whenever you want, and can keep your data up to date in one place.

Further reading: