Instead of your npub being a public key for just one private keypair, your npub could be an xpub like for a wallet seed phrase. Then you can use a new private key whenever it suits you, and your profile contains a list of invalidated keys and timestamps, so only the "latest" public key you are using will be recognized by your followers. This way you can have your working private key compromized but your identity is not. If someone steals the private key from your device or browser, you can publish an invalidation for that old pubkey with a timestamp signed by your next private key in the seed derivation sequence. This way everyone can know which pubkey is you and when the old keys became invalid. Now everyone knows which messages are signed by the new "real you" because they know you by your xpub and not your individual public key.