Nostr login was and is a horrible idea.
Discussion
I’ll never know what this means
👀 well yeah?
When key management? It’s sad that the biggest security issue on this platform continues to be ignored. Odds are many accounts are already compromised, and users just don’t know it yet. The longer developers dismiss this, the more damage it will cause and eventually, it’s going to drive people away. Tick tock 🍿
Frostr is being worked on and AFAIK can be used today, they're just working on the ux
I mean, they way CoinOS implemented it. Id imagine that the server just presenting a challenge that youd need your private key (or a signing app) to prove would be reasonably secure
But storing everybodys private keys on a server, even if salted or whatever they were doing, is just retarded
Through pasting your private key or via an extension? Or generally?
😳😳
Maybe if disposable keypairs were used this would be more viable.
Sharing your "main" identity with a service provider is dumb.
Any kind of login is a horrible idea. All you should be is present and active.