Replying to Avatar DanConwayDev

I wouldn't treat an ncryptsec as secure as a lot of people will use weak passwords. Instead of sending it via email why not copy it to the clipboard or show a QR code? Also you could wait until the user has confirmed they successfully logged in elsewhere before deleting the nsec.
Avatar
DanConwayDev 1y ago

I'm really uncomfortable with custodial key management solutions like this for nostr but I can see why its attractive.

An alternative approach could be to store the key on device and approve a new login from a new device running Flottila by sending the nsec eg via DMs with an ephemeral key. I suppose that's not much different UX than showing a QR code or copying to the clipboard like I suggested.

Reply to this note

Please Login to reply.

Discussion

Avatar
hodlbod 1y ago

I wouldn't send via DM, but I do want seamless multi-device login for flotilla, which reliance on an existing session makes difficult