Unfortunately I don't think you can get simpler than nsec login. It's also the easiest way to create an account. Anything more is very confusing for normal people. You either have server-side custody, a different browser app like nsec.app, or a new app on your phone, all of which can have the same problems. A key rotation scheme would be an improvement worth having, and educating users to reduce key exposure and not use their main key for storing ecash or secret communications or whatnot seems like the way forward in the short term at least.


Discussion

Requiring an extra signer app or extension is not much different from a service like Gmail requiring a two-factor authentication scheme when you create an account.

We should work to create a "pit of success" for users to fall into, and I'm concerned that raw nsec signing doesn't do that.

UX research and future development in the Nostr space could probably produce low-friction identity creation that guides users into creating an nsec and storing it securely in just a few clicks/taps. It's not an easy problem to solve, but could provide huge value to users.

You're probably right. I think we'll get there, we just aren't yet. Bunkers were introduced about a year ago, and have come a long way in adoption, but they're still not quite "easy" (unless they're custodial, and even then, most of those are offline).

yeah, the problem was relays

and the reason was complicated, ugly languages used to implement most of them, that make changes difficult to reason about

I agree. More work is needed in this area.

i think there should be more than one signer... and some thought needs to be put into how to do it on desktop with browsers

you can recommend people install nos2x or amber, and remove it from your web and desktop versions...

i agree with the principle of it... the more complex an app, the more likely it is to have a bug and if it's a security feature, potentially a vulnerability

people should also be wary not to make these signers into all singing all dancing omni-apps also

So this is perfect--and what should happen.

We find a bug, and it's now opening up a great dialog on potential ways to improve Nostr and the log-in / account creation and maintenance processes.

"Making a mistake is a gift...you now get to fix it AND make things better!" 😃

Love this thread!!

Agreed, it's a profitable conversation