password managers generate a unique password for each website. this means if one of your passwords leaks it won't compromise any of your other website logins.
nostr-login is a regression: if you leak your nsec then they have access to every website that you've ever logged in to.
using your npub for logging into everything is a really bad idea security-wise, please be conscious of this before implementing or pushing this as a login solution to websites which may contain sensitive information.
We need derivative keys.
yes but how do you maintain identity???
Main npub could sign for valid derived keys and invalidated ones via an event?
Consistency is a big problem, events do not broadcast
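
A sketch of the per-site derived keys proposed in this thread, as an added example that is not part of the original posts and not a Nostr standard. It assumes a hypothetical scheme in which a 32-byte master secret is run through HKDF-SHA256 with the site's hostname and a rotation counter; `derive_site_key`, `SALT` and `generation` are illustrative names.

```python
import hashlib
import hmac

# Order of the secp256k1 group; a usable secret key is an integer in [1, N-1].
SECP256K1_N = 0xFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFFEBAAEDCE6AF48A03BBFD25E8CD0364141
SALT = b"example-per-site-key-v1"  # constructed domain-separation label (assumption)


def hkdf_sha256(ikm: bytes, salt: bytes, info: bytes, length: int = 32) -> bytes:
    """HKDF (RFC 5869) with SHA-256: extract a PRK, then expand it."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


def derive_site_key(master_secret: bytes, domain: str, generation: int = 0) -> bytes:
    """Derive a site-specific 32-byte secret; bump `generation` to rotate it."""
    if len(master_secret) != 32:
        raise ValueError("master secret must be 32 bytes")
    if generation < 0:
        raise ValueError("generation must be non-negative")
    host = domain.strip().lower().rstrip(".").encode("utf-8")
    if not host:
        raise ValueError("empty domain")
    attempt = 0
    while True:
        # Length-prefix the host so distinct (host, generation) pairs never collide.
        info = (len(host).to_bytes(2, "big") + host
                + generation.to_bytes(4, "big") + bytes([attempt]))
        key = hkdf_sha256(master_secret, SALT, info)
        # Retry in the (astronomically rare) case the value is not a valid scalar.
        if 0 < int.from_bytes(key, "big") < SECP256K1_N:
            return key
        attempt += 1


if __name__ == "__main__":
    master = bytes(range(32))  # constructed sample secret, never a real nsec
    for site in ("shop.example", "forum.example"):
        print(site, derive_site_key(master, site).hex())
```

Linking each derived key back to the main npub, and announcing which generations are revoked, would still need a signed statement from the main key, which this sketch leaves out.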