Is Token Gating the Key to Web3?

Amongst the chaos of cryptocurrency these days and the global bear market climate, NFTs have been pushing use case boundaries and gaining adoption. Most notable, IMHO, is the concept of token gating.

Token gating is the Web3 equivalent of user management. I spent a lot of time focused on user management architecture and feature development, so this is something I think is a great parallel for people just getting into the tech stack that is Web3.

A central tenet of blockchain technology is self-custody. This means that I am holding my own data. That data is blockchain-native tokens (the coins of the blockchain, like BTC and ETH), as well as tokens from smart contracts (like alt coins and NFTs). I have the seed phrase (at the parent level) or the private keys (at the child level) in order to control this data in my wallet.

By having a wallet application installed, usually a browser extension or a mobile crypto wallet app, I can connect to Web3-enabled sites. These sites frequently use the data in the wallet that I’ve connected to determine what I am able to see and do. It also creates a very simple purchasing transaction mechanism. Instead of logging in with my username and password, I use my crypto wallet. No longer do I need to worry about my password being compromised in some huge breach of a service that I’ve used SSO (single sign-on) with, and spend hours changing all of my passwords, or just praying nothing happens to my accounts. I just connect with my wallet on my browser extension. The security, in this regard, is a lot like saved passwords on browsers. Not optimal, definitely convenient.

Right now, it is largely used for things like NFT marketplaces, DEX (decentralized exchange) apps, and NFT project sites that give you special functionality. Other platforms like Discord have additional apps that you connect to create token-gated channels for privileged information.

The greatest advancement here is that I own my connection data, not Google or Facebook or a password app. I am not giving my data over unwillingly for a service provider to sell me stuff I don’t want to consume. Passwords are now a thing of the past. Only my keys can get me in.

This means that if I am an app, I can decide that specific NFT holders get specific access, dynamically, based on the contents of their wallet. Dynamic access control is a complex form of security that is very useful for rapidly changing content. Don’t grant user access one at a time to one particular feature; give them access to any feature that should overlap with the wallet contents. This dynamic display of information creates better hubs with more focused delivery. Instead of admin permissions, they get the admin NFT. My audit log of who had admin permissions is the blockchain. Instead of subscribing to a topic they are interested in, like history, they hold the history NFT.

Altogether, we now have decentralized user management. I, as a Web3-enabled site, can give you special access based on your wallet contents, and all I need to provide as the site or app is the mapping of what content matches which NFTs. I do not need to provide any of the account management, password resets, 2FA, account verification, etc. All of that is now in the hands of the user.
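The sketch below is an added example, not code from any project mentioned here. It replays a constructed list of ERC-721-style transfer events to show the two properties described above: access follows the token when it moves, and the transfer history doubles as the audit log. The contract names, wallet labels and feature names are hypothetical, and it assumes the site has already verified that the visitor controls the connected wallet address.

```javascript
// Constructed sample data: ERC-721-style Transfer events, oldest first.
// Contract names, token ids and wallet labels are hypothetical.
const ZERO = "0x0"; // stands in for the zero address used as the mint source
const TRANSFERS = [
  { block: 100, contract: "ADMIN_NFT", tokenId: 1, from: ZERO, to: "alice" },
  { block: 120, contract: "HISTORY_NFT", tokenId: 7, from: ZERO, to: "bob" },
  { block: 150, contract: "ADMIN_NFT", tokenId: 1, from: "alice", to: "carol" },
];

// The only state the site maintains: which contract unlocks which feature.
const GATES = new Map([
  ["ADMIN_NFT", "admin-panel"],
  ["HISTORY_NFT", "history-channel"],
]);

// Replay transfers up to `block` to find the owner of each token at that point.
function ownersAt(transfers, block) {
  const owners = new Map(); // "contract#tokenId" -> wallet
  for (const t of transfers) {
    if (t.block > block) break; // events are ordered oldest first
    owners.set(`${t.contract}#${t.tokenId}`, t.to);
  }
  return owners;
}

// Features a wallet may use at `block`, derived from its holdings alone.
// Evaluated per request, so access disappears once the token is transferred.
function featuresFor(wallet, block, transfers = TRANSFERS, gates = GATES) {
  const features = new Set();
  for (const [key, owner] of ownersAt(transfers, block)) {
    const contract = key.split("#")[0];
    if (owner === wallet && gates.has(contract)) features.add(gates.get(contract));
  }
  return [...features].sort();
}

// Audit trail for one gate: every holder and the block they received the token.
function auditTrail(contract, transfers = TRANSFERS) {
  return transfers
    .filter((t) => t.contract === contract)
    .map((t) => ({ holder: t.to, sinceBlock: t.block }));
}

console.log(featuresFor("alice", 140), featuresFor("alice", 150));
console.log(auditTrail("ADMIN_NFT"));
```
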

This functionality is OOTB if you build in Web3. That’s a huge advantage for a new team trying to get their MVP out of the door. This concept cuts down a lot of the infrastructure that would need to be built to support any configurable, tiered access SaaS application.

The functionality you get by choosing to build on the blockchain has a good chance of triggering mass adoption in the near future.

HOWEVER, it is important to understand that a lot of these NFTs that I want to give privileged access to are worth a lot of money. Sometimes over $100,000. This creates a problem. Never before have I had to compromise the security of my high-value assets to gain access to a website. What if the website gets hacked? What if I get phished? What if the Web3 connection breaks and suddenly I’m signing over all of the contents of my wallet when all I wanted was access to a special hoodie? Now I’ve lost valuable financial assets and I don’t get the access I wanted.

This is where the FoolProof Token comes in. In order to scale this technology, we need security. Security is at the core of user management. I shouldn’t sacrifice financial assets to gain secured access. I want the product I bought to remain safe, while I also get to utilize the experience that comes with the product.

The FoolProof Token separates the financial asset from the login component. Once a FoolProof Token smart contract is deployed, it is under the control of the owner of the original NFT. That owner moves the FoolProof Token to their login wallet. Now, when I connect, I am not compromising my high-value assets; they are completely separate. The FoolProof Token provides the access to the experience, and my finances are secured in a wallet that is never connected to a site until I’m ready to part ways with it. I will not lose my real NFT unintentionally, and I can enjoy the full experience my NFT provides.

Advancements like the FoolProof Token are going to pave the way for mass adoption by reducing risk and improving the worst part of the current blockchain user experience: getting rekt and losing bags.