Your Identity on Solana: Think "SSH Keys", Not "Usernames"

Liu — Tue, 28 Apr 2026 12:31:56 +0000

If you've built Web2 apps, the word identity probably makes you think of logins: email + password, OAuth with Google, GitHub usernames, sessions, JWTs, "Forgot password?" flows, and admin dashboards that can ban or restore an account.

On Solana (and most blockchains), identity starts from a different primitive:

a cryptographic keypair.

Once that clicks, the rest - wallets, accounts, token ownership, signing-starts to feel less like magic and more like a familiar security model you already trust in other contexts.

Web2 identity is "accounts in someone else's database"

In Web2 your identity is fragmented across services:

GitHub: @yourname
Work: your corporate email
Bank: phone number + KYC
Random SaaS tool: "Sign in with Google"
Each identity lives inside a company's database and rules. You "own" the account as long as the company recognizes you as the legitimate user. If something goes wrong, you depend on their processes:

password resets
support tickets
account recovery
moderation decisions
region restrictions
Even if the system is secure, the underlying idea is: a service provider grants access.

Solana identity is "proof by signature"

On Solana, there isn't a global "sign in" service. Instead, you prove who you are by doing something only you can do:

signing with your private key.

A Solana keypair contains:

Public key → your on-chain address (shareable)
Private key → your proof of ownership (never share)
When you create a transaction (send SOL, mint a token, interact with a program), your wallet signs it with the private key. Validators can verify the signature using the public key, without ever learning the private key.

This is the key difference:

Web2: "I know the password" (or I have an OAuth token)
Solana: "I can produce a valid cryptographic signature"
No password database. No centralized recovery. No admin override.

The best analogy: SSH keys

If you've used SSH, this will feel extremely familiar.

With SSH:

You generate a keypair.
You put the public key on a server (in authorized_keys).
You prove you're allowed in by signing a challenge with your private key.
Solana works similarly, except:

the "server" is the entire network
the same keypair works across every Solana app
the "authorized actions" aren't shell access, but transaction permissions
Your identity isn't a profile page. It's the ability to sign.

Public keys aren't usernames (and that's intentional)

A Solana address is essentially a 32-byte Ed25519 public key, commonly shown in Base58 encoding, like:

14grJpemFaf88c8tiVb77W7TYg2W3ir6pfkKz3YjhhZ5

Base58 is used because it avoids visually confusing characters (like 0 vs O, I vs l). But more importantly, an address is not a "name." It's not stored in a user table. It doesn't need to be "available." It's just a public key.

In Web2, a username exists because a company maintains a mapping:

username -> account record -> permissions

On Solana, the mapping is more like:

public key -> what the blockchain state says this key controls

That's why you can't email Solana support to "claim" an address or reset it. The network doesn't know what an email is.

Wallets are identity managers (not identity providers)

So where do wallets fit in?

A wallet (Phantom, Solflare, Ledger, a CLI keypair file, etc.) is basically a tool to:

store private keys (or help you derive them from a seed phrase)
show you your public address
sign transactions when you approve
When a dApp says "Connect wallet," it's not doing OAuth. It's asking:

"Do you control this public key, and will you sign messages/transactions to prove it?"

This is why "identity" on Solana is portable. Your keypair works across apps without integrations, because every app can rely on the same cryptographic standard: signature verification.

Ownership beats permissions

In Web2, you often get permission to access stuff. In Solana, you have ownership backed by cryptography.

If your public key owns tokens, NFTs, or has authority over an on-chain account, that's not because a company granted it. It's because Solana programs enforce rules like:

only the signer for this public key can move these tokens
only the authorized key can update this account's data
only the governance voter can cast this vote
That's what people mean when they say "self-custody." It's empowering - but it also comes with responsibility.

No password reset means: lose the private key, lose the identity.

What on-chain identity enables

Once identity is "a key that can sign," a bunch of things become possible across the whole ecosystem:

You can hold tokens and use them anywhere.
You can interact with programs (DeFi, NFTs, games) without creating new accounts each time.
You can build reputation tied to an address: governance participation, on-chain activity, achievements.
You can have multiple identities: one wallet for public activity, another for savings, another for dev/testing.
It's not just a replacement for usernames - it's a universal authentication primitive for an entire network.

Final thought

If Web2 identity is "a bunch of accounts I rent from companies," then Solana identity is:

"a keypair I control, and my signature is my login."

Once you start viewing your wallet like an SSH agent and your address like a public key, Solana becomes much easier to reason about.

Forem: Liu