The following is copied from the Tonkeeper News, which is relevant to the question at hand:
End-to-end security with TON Connect
Blockchains directly enable people to control their financial assets by using a so-called “non-custodial” or “unhosted” wallet: an application that keeps a cryptographic key securely on your device. This key is used to authorize transfers of coins and tokens, protecting your account from unexpected or fraudulent charges. Your account exists solely on the blockchain and can be accessed over open protocols using any wallet the same way you can surf the internet with any compatible browser app.
There is a concept of “end-to-end encryption” in messengers that works thanks to personal control over cryptographic keys. We at Tonkeeper want to extend this idea towards “end-to-end security” and bring it to many more applications in the TON ecosystem. We want most services to operate in a non-custodial manner, such as getgems.io, where users never have to blindly trust the service to perform operations correctly on their behalf.
This is how it works
First, you log into the service with your wallet. No more emails, passwords, entering two-factor authentication codes, solving captchas, and other hassles. You register and login with one click.
Second, if the service needs to remember your personal information — e.g., credit card number — it will encrypt it with the special encryption key that’s only available on the client’s side. If someone hacks the database, they will find nothing more than gibberish — no more stolen identities and compromised databases of user records.
Lastly, if the service lets you do something on a blockchain, such as voting in a decentralized organization or selling NFTs, your wallet will be your guardian. The service will prepare transaction details and send them over to your wallet, where you approve that exact action. If anything wrong happens on the service or it is hijacked by hackers, your wallet will be unable to be tricked into doing something without your permission.
To achieve this, we are working on a set of open standards to propose to the TON community, and today, we’re announcing the launch of experimental support for the first protocol in that suite: TON Connect.
Introducing TON Connect
TON Connect is a way to register and log in to any service without passwords or third-party accounts. TON Connect works in one click, respects your privacy, and is designed as a simple and open standard. We encourage all wallets and services to implement it.
There are two ways to sign in:
- On mobile: Click a “Log in with TON” button.
- On desktop: Scan a QR code with Tonkeeper.
In both cases, Tonkeeper will show you a confirmation panel, tap “Log in” and you’re in!
TON Connect is supported in Tonkeeper 2.2 on iOS and Android.
Advantages of TON Connect
It’s the easiest way to create an account and log in: just one click in the app, and in a second, you’re authenticated.
Security: Your personal data is not shared with the service, and there are no passwords to be compromised. Services often don’t have to bother you with two-factor authentication: Your wallet is already a two-factor device with your physical access to it and PIN protection.
Privacy: Tonkeeper generates a unique identifier for each service to minimize risks of cross-site tracking. Users are free to choose what data to share. For instance, your wallet address is not exposed by default.
Feature-complete: TON Connect lets you register, sign in, and confirm individual actions all through the same one-click flow.
We invite you to check out the specification and the JS SDK on our Github:
We will evolve TON Connect incrementally, rolling out additional features over the next releases of Tonkeeper. One of them will be proof of TON wallet ownership, which will be useful when you want to prove ownership of a blockchain item. Another important feature will be support for push notifications to allow seamless confirmation for transactions.