I believe many people who see the signature login step for the first time — right after connecting their wallet — must feel confused.
After all, connecting a wallet already gives the site your wallet address. Why isn't that enough to log in?
To answer this question, you first need to understand one thing: connecting a wallet and owning a wallet are two completely different things.
Connecting Your Wallet
When you click Connect Wallet, what you're actually doing is very simple — you're telling the website your wallet address. That's it.
Because wallet addresses are public information. On any blockchain explorer, anyone can look up the balance and full transaction history of any address. In other words, knowing an address does not mean you own that address.
If a site logged you in with just your address, anyone who knew your address could impersonate you and log into any website as you.
Signing a Message
Every wallet address has a corresponding private key — a secret that only you hold. When you use your private key to sign a piece of content, it produces a unique cryptographic string.
When the website receives that signature, it uses your address to verify it. If the verification passes, it confirms that the person signing truly holds the private key for that address — and only then is the login complete.
How the two steps work together
This signature requires no gas fee and triggers no on-chain transaction. It is purely a mathematical proof of ownership — nothing moves, nothing is authorized.
Summary
The core philosophy of Web3 is that you don't need to hand your identity over to any platform. Only you can prove you own your address — because only you know your private key.
The signature step isn't an extra hurdle. It's the mechanism that makes trustless, self-sovereign identity possible in the first place.