Tonomy enables users to access any affiliated Web2 or Web3 applications seamlessly. The sign-in process, analogous to Google Sign-In but employing QR codes, bridges desktop websites with mobile devices, establishing the mobile device as the primary authentication authority.

The passwordless single sign-on mechanism eliminates the need for users to input their passphrases for each website login. Instead, it utilises QR codes and URL redirections for swift and user-friendly authentication.

A distinctive aspect of the single sign-on process is the generation and authorisation of an application-specific private key. During the login procedure, a private key is randomly generated on the user’s device within the currently used application. For instance, a unique key is created in the local storage of the user's browser tab on airbnb.com. Upon consenting to the login, this key is authorised to sign data on behalf of the user, with its scope limited to the application being accessed [Ref #3]. This key is subsequently employed for authorisation purposes from the application to Tonomy ID and in digital signature functionalities.