Each blockchain has different specifics but most of them require people to have a “Wallet” to store cryptocurrency (“Tokens”) and interact with apps that use blockchain (“DAPPs”).
A “Wallet” is composed of a private key and a public key. When trying to map this onto existing, common mental models, one could say the public key is like an email address and the private key is like a password. However, that would be an incorrect assumption:
Another common misconception when we introduce the concept of hot and cold wallets (a hot wallet is software-only, e.g. MetaMask; a cold wallet can be a physical piece of hardware or paper, e.g. Ledger) to someone not familiar with web3 is that the person’s “Tokens” are stored on the device where the wallet is. This is of course not true, because everything in web3 exists on the blockchain. This misconception is particularly exacerbated because we call it a “Wallet”, and real-world wallets hold coins and notes.
Better metaphors for this concept would be “Cards” or “Keys”. You know that the cards in your wallet simply tell the store which bank to go get the money from. Similarly, the key to your house does not have your house inside it, it simply provides access to it.
Because blockchain technologies are still a mystery to a lot of people, they have become very alluring to scammers and hackers. Since people don’t understand the conceptual model, they can be led into performing operations that leak their keys or funds to the attacker without even realising it.
In non-blockchain applications, when we interact with a system that requires higher security we are used to needing extra factors besides email and password, such as SMS codes, 2FA apps or key cards. In web3, the closest approximation would be cold wallets: by being offline and self-contained, it is not possible to perform an operation on a person’s “Wallet” without authorisation from the device. However, most people interacting with “DAPPs” will use a hot wallet (e.g. MetaMask) without realising the danger they are putting themselves in.
There are several ways this could be improved if this becomes a priority for infrastructure providers:
Interacting with the blockchain (via transactions) uses a very computer-centric language that appears too abstract to people without technical knowledge. While the operations will always be required (token approval, call data, contract call), the process of performing them can be humanised and simplified. Good examples of this are “Wallets” like Phantom for the Solana blockchain.
Similarly, the risk involved in certain operations is completely ignored by the tool, making it very easy to make mistakes or authorise unacceptable permissions. I believe that more of these “friendly” wallets will appear, both because people demand them and because complex wallets will start seeing people flee to easier-to-use wallets.
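What a risk-aware wallet could do at signing time, as an added example that is not part of the original post and not code from any real wallet: the check below decodes the raw call data of an ERC-20 transfer or approve, restates it in plain words, and rates it so that an unlimited approval, an opaque call, or a transfer of most of a balance is not presented the same way as a trivial one. The two ERC-20 function selectors are the real standard ones; the addresses, balance, token symbol, trusted-spender list and sample requests are constructed, and the thresholds (50% of balance, unlimited allowance) are assumptions chosen for the example.

```javascript
// Added example (not from the original post or any wallet project): a
// wallet-side pre-flight check that turns raw EVM call data into plain words
// and rates the risk before the user is asked to sign.
// Assumptions: the target contract is an ERC-20 token, only the two standard
// selectors below are decoded, and the wallet already knows the user's
// balance and a list of trusted spenders. Every sample value is constructed.

const SELECTORS = {
  "0xa9059cbb": "transfer", // transfer(address,uint256), ERC-20 standard selector
  "0x095ea7b3": "approve",  // approve(address,uint256), ERC-20 standard selector
};
const MAX_UINT256 = (1n << 256n) - 1n;
const ONE_TOKEN = 10n ** 18n; // 18 decimals, the common ERC-20 choice

// Decode the 4-byte selector and the two 32-byte ABI words of an ERC-20 call.
function decodeErc20Call(data) {
  const hex = String(data).toLowerCase().replace(/^0x/, "");
  if (hex.length !== 8 + 64 + 64 || !/^[0-9a-f]+$/.test(hex)) return { kind: "unknown" };
  const kind = SELECTORS["0x" + hex.slice(0, 8)];
  if (!kind) return { kind: "unknown" };
  const addrWord = hex.slice(8, 72);
  // ABI-encoded addresses are left-padded with 12 zero bytes (24 hex chars).
  if (!addrWord.startsWith("0".repeat(24))) return { kind: "unknown" };
  return { kind, to: "0x" + addrWord.slice(24), amount: BigInt("0x" + hex.slice(72)) };
}

// ABI-encode a call for the constructed samples (the reverse of the decoder).
function encodeErc20Call(kind, to, amount) {
  const selector = Object.keys(SELECTORS).find((s) => SELECTORS[s] === kind);
  const word = (h) => h.padStart(64, "0");
  return selector + word(to.toLowerCase().replace(/^0x/, "")) + word(amount.toString(16));
}

// Human-readable token amount without floating point rounding.
function formatUnits(amount, decimals = 18n) {
  const base = 10n ** decimals;
  const whole = amount / base;
  const frac = (amount % base).toString().padStart(Number(decimals), "0").replace(/0+$/, "");
  return frac ? `${whole}.${frac}` : `${whole}`;
}

// Rate an operation: "low" needs a plain confirm, "medium" deserves a warning,
// "high" should demand a second factor or typed confirmation, "blocked" cannot
// succeed anyway (it would revert on chain).
function assessTransaction(data, ctx) {
  const call = decodeErc20Call(data);
  const { balance, symbol, trustedSpenders } = ctx;
  if (call.kind === "unknown") {
    return { risk: "high", summary: "This calls a function the wallet cannot explain; you would be signing blind." };
  }
  const amountText = `${formatUnits(call.amount)} ${symbol}`;
  if (call.kind === "transfer") {
    if (call.amount > balance) {
      return { risk: "blocked", summary: `Send ${amountText}, but you only hold ${formatUnits(balance)} ${symbol}.` };
    }
    const pct = balance === 0n ? 0 : Number((call.amount * 100n) / balance);
    const risk = pct >= 50 ? "high" : "low"; // 50% threshold is an assumption
    return { risk, percentOfBalance: pct, summary: `Send ${amountText} (${pct}% of your balance) to ${call.to}.` };
  }
  // approve: someone else may move tokens later, so explain the ceiling clearly.
  if (call.amount === MAX_UINT256) {
    return { risk: "high", summary: `Allow ${call.to} to spend ALL your ${symbol}, now and in the future, with no limit.` };
  }
  const trusted = trustedSpenders.has(call.to.toLowerCase());
  return {
    risk: trusted ? "low" : "medium",
    summary: `Allow ${call.to} to spend up to ${amountText} on your behalf${trusted ? "" : " (unrecognised app)"}.`,
  };
}

// Constructed sample context and requests (not real addresses or balances).
const FRIEND = "0x" + "11".repeat(20);
const DEX = "0x" + "22".repeat(20);
const USER = { balance: 100n * ONE_TOKEN, symbol: "TKN", trustedSpenders: new Set([DEX]) };
const SAMPLES = {
  smallSend: encodeErc20Call("transfer", FRIEND, 1n * ONE_TOKEN),
  wholeBalance: encodeErc20Call("transfer", FRIEND, 100n * ONE_TOKEN),
  tooMuch: encodeErc20Call("transfer", FRIEND, 101n * ONE_TOKEN),
  unlimitedApprove: encodeErc20Call("approve", DEX, MAX_UINT256),
  cappedApprove: encodeErc20Call("approve", DEX, 10n * ONE_TOKEN),
  opaque: "0xdeadbeef" + "00".repeat(64), // right length, unknown selector
};

for (const [name, data] of Object.entries(SAMPLES)) {
  const verdict = assessTransaction(data, USER);
  console.log(`${name.padEnd(17)} ${verdict.risk.padEnd(8)} ${verdict.summary}`);
}
```

The point of the rating is that the confirmation screen can change shape with it: a 1% send gets a single button, a whole-balance send or an unlimited allowance gets a typed confirmation or a hardware-device prompt, and call data the wallet cannot decode is shown as exactly that rather than as a harmless-looking hex blob.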
2FA should be the minimum industry standard for every wallet, either via a physical device or a third-party integration. Software-only wallets should be highly discouraged, or include limitations to prevent people from using them for long periods or for large amounts of money. People should understand the necessity of this without having to get hacked or scammed.
While seeing the raw data of an operation is useful for developers, regular non-technical people won’t be able to understand what it means. Wallets need to be able to explain in a simple way, with basic words, what an operation is and what it will do.
If an operation gives permission for someone else to operate on my wallet, it needs to be clear before the permission is given. Think “Login with Google” for web3 operations: “what am I agreeing to” with this operation? What can the website do when I connect my wallet? What can the dapp do when I sign this message?
A transaction that sends 1% of the tokens from a wallet should not look the same as a transaction that sends 100% of the tokens. Mistakes happen, and tools should help prevent them.
There are enough scams going around: explain very clearly what your product does, what you are selling, how to use it and what to expect from each step (“how do I know if it’s working correctly?”). And please don’t just send people to your whitepaper.
Provide estimates for how long transactions will take, how many transactions will need to be made, how much it will cost, and the status of transactions sent.
Finances and technology are hard enough; there is no need for people to also have to understand things in a second language. If mass adoption is the goal, a dapp needs to be available in more than one language.
In closing, blockchain technologies are constantly evolving and finding new use cases and ways to interact with them. Ultimately, the adoption of web3 technologies is in the hands of HCI practitioners. With the number of chains and their diversity, Human–Computer Interaction will be a deciding factor in mass adoption and needs to become a priority for a blockchain to succeed.