Every single nostr app I use has nsec login. Some have additional login options, but it's not consistent.
Nsec login is the only login that every nostr client supports.
Discussion
Not #Coracle, and for good reason. Even devs with the best intentions can compromise their users' private keys if that information is available to them because the user is pasting in their nsec to log in.
Today if I drop my phone in a volcano, get robbed, or throw my phone through a wall in anger...
I simply get a new phone, put my nsec i have saved on paper into amethyst and I have my nostr account back.
Simple. Intuitive.
NO EXTRA APP NEEDED.
🤷
Apparently my key is at risk because of this, according to you?
Not according to me. According to real events that have actually happened where private keys were exposed because nsec login was permitted and though the dev believed he was being careful not to let that data be exposed, he found out there was something he hadn't taken into account.
Other clients may have actually intentionally gathered private keys from their users. A lot of early Nostr users may have had their private keys compromised from one client in particular. nostr:nprofile1qqsr7acdvhf6we9fch94qwhpy0nza36e3tgrtkpku25ppuu80f69kfqpz9mhxue69uhkummnw3ezuamfdejj7qghwaehxw309aex2mrp0yhxummnw3ezucnpdejz7qg4waehxw309aex2mrp0yhxgctdw4eju6t09ug4n6q3 would probably remember which one. It started with an A, if I remember correctly. No, not Amethyst.
I believe even nostr:nprofile1qqsyvrp9u6p0mfur9dfdru3d853tx9mdjuhkphxuxgfwmryja7zsvhqpzamhxue69uhhv6t5daezumn0wd68yvfwvdhk6tcpz9mhxue69uhkummnw3ezuamfdejj7qgwwaehxw309ahx7uewd3hkctcscpyug has talked about dropping support for nsec login in the past.
Anigma back in the day, December 2022, has a cross site scripting issue and potentially leaked every key of users logging into their web app.
Vitor mentioned removing it, yes. I think that's a good idea and a bad idea 😂 It's good for all of us here now, but confusing as hell for new users. Hey, wanna use this app? Well you have to install another ap first. That's not good UX.
I wonder if the best way to resolve this is to have a kind 1 client as a user's initial onboarding client, that gets them set up with a private key, their profile, and allows them to have a NIP-60 wallet right away or connect a wallet of their own, and then can be used as a signer app for any other Nostr app they want to log into. That way it is still just one app that has their nsec, and provides them instruction to back it up, of course, but also only one app that a new user needs to install to get onboarded.
Yes. Way ahead of you. Help us bring back the cool myspace days, but in a nostr client.
MILLIONS HAVE NOSTALGIA FROM MYSPACE.
I'd like a full functional browser and mobile client by the start of 2026 that at least has all the things mentioned here:
https://spacestr.com/npub1wl89d7yazg500lehg08p45dj2jzhhyqg2erj067458e3wd30djns4zn8lu