Nostr Web Client

password managers generate a unique password for each website. this means if one of your passwords leaks it won't compromise any of your other website logins.

nostr-login is a regression: if you leak your nsec then they have access to every website that you've ever logged in to.

using your npub for logging into everything is a really bad idea security wise, please be conscious of this before implementing or pushing this as a login solution to websites which may contain sensitive information.

Evan 1y ago 💬 1

Thoughts on revokable single-use passwords tied to your nsec?

Create it, use it, you’re logged in until you log out, revoke it, or the cookie expires. Create a new one to log in next time. All tied to your nsec, without revealing it.

There’s lots of shit wrong with Bluesky, but this feature is something they did very right.

Reply to this note

Please Login to reply.

Discussion

ben 1y ago 💬 1

read this thread

@note1d4u4tl72ezsjk72f45zds67nwnkx3zdqhcu9ysthjv9n4gfv880qpn5wxe

Evan 1y ago

Yep, that. Great idea.