MetaMask Login | backup address

Your settings are synced without compromising the confidentiality of your MetaMask activity. Instead of web2-like architectures,

When you attempt to sign into MetaMask Portfolio, your MetaMask wallet will ask you to sign a message with your address to prove that you own that account. After signing, you will be logged into MetaMask Portfolio with that account address. We use a standard Sign-In with Ethereum flow. Our server receives the signed message and your address, checks the signature, hashes the address together with a salt (a random value) to generate your AccountID, and then forgets the address. The server signs your AccountID and emits a JSON web token (JWT) that the client can use to access MetaMask services, like the user configurations storage or notifications. Since the address is not stored and the AccountID hash is not reversible, MetaMask doesn’t know who and which addresses have logged in.

Last updated 1 month ago

How does the login work?