I recently joined the 100 Days of Solana challenge, and in the first few days I did some pretty basic things:
- Generated a wallet
- Funded it using devnet
- Connected it to apps
- Sent transactions
Sounds simple, right?
But it raised a bigger question for me:
If there’s no email/password… how does identity even work here?
If you're coming from Web2, this part can feel confusing at first. Let me break it down based on what I've learnt.
Web2 Identity (What We’re Used To)
In Web2, identity is straightforward:
- You sign up with email + password
- Your details are stored in a database
- When you log in, the server verifies you
- A session or token keeps you logged in
So basically, the server is responsible for knowing who you are.
The Shift: No Central Authority
On Solana, that model changes completely. The best way to think about it is:
Using a Solana wallet is like logging in with OAuth, except there’s no Google or Facebook verifying you. Identity is proven cryptographically by your wallet.
There’s no central server in charge of identity. Instead, identity is tied to your wallet.
Your Wallet = Your Identity
A wallet (like Phantom) is built on something called a keypair:
- Public key - your wallet address (like a username)
- Private key - used to approve actions (kept secret)
So when we say, “This is my identity on Solana”. What we really mean is “I control this wallet address.”
Signing = Authentication
This is the most important part. In Web2, you send your password to prove who you are
In Solana, you sign a message or transaction
Here’s what actually happens:
- You interact with a dApp
- The app asks your wallet to approve an action
- Your wallet prompts you
- You approve
- Your wallet signs using your private key
That signature is the proof. You don’t log in with a password, you prove who you are by signing.
Also important:
Your private key is never exposed. It stays inside the wallet.
The password you enter in your wallet is not what proves it’s you, it only unlocks your wallet locally.
When you connect your wallet to an app, The app gets your public address. It never gets your private key.
That’s why wallet connections are considered secure.
A Real Flow (From My Experience)
Here’s a typical flow based on what I’ve been building:
- I click “Connect Wallet”
- My wallet (Phantom) asks me to approve
- The app gets my public key
- The app uses RPC to fetch my balance
- I enter an amount to send
- I click send
- My wallet asks me to sign
- I approve, transaction goes through
Where RPC Comes In
RPC (Remote Procedure Call) is just how apps talk to the blockchain. It fetches balances, sends transactions and reads data. It does not know who you are or manage identity. It just responds to requests.
So What Replaces Sessions?
In Web2, you log in once and session persists.
In Solana, there’s no real “session”. Your identity is simply your connected wallet. Your ability to sign when needed. If you disconnect, that’s it. No session stored somewhere.
Conclusion
At first, it feels strange not having a login system.
But once you understand this:
Identity = wallet
Authentication = signature
Everything starts to make sense.
If you're just getting into Solana like I am, this is one of the most important concepts to understand early.
It makes everything else easier.
Top comments (0)