I guess username and password is doable with the nip-49.
Signup: generate a private key, encrypt it with nip-49 and send it in an event with a d tag as your username.
Signin: query event with d tag as your username and decrypt the ncryptsec with your password.
This is how I would implement username + password login.
nice. that means you can't forget your password though, which is very unintuitive for many users.
In that case, the user can set up a backup. By example seed phrase, recovery question or nsec. It’s no longer unintuitive because we already use this kind of recovery methods.
users expect to be able to reset their passwords unfortunately. often they don't even write down their pw because they're used to being able to reset it.
