Replying to Avatar James

I am not a tech savvy individual. I do not write code or program anything. My question to those that are is, if someone gets my key, what would stop them from logging into a client as me? Is there a type of 2 factor authentication for nostr clients? I apologize if this is a ridiculous question, but I am always looking for ways to double down on my security and I am still learning nostr. Thank you in advance.

#plebstr #plebchain #security #clients #2factor #nostr
Avatar
ODELL 2y ago

yes, anyone with your private key can use the account - post, edit profile, etc

there are extensions such as alby and nos2x that protect your key from webapps, which reduces risk a bit, but we need better tools, will take some time

Reply to this note

Please Login to reply.

Discussion

Avatar
Ivan 2y ago

For now just don't go crazy pasting your Nsec around. We def need better tools. If you want to test out new stuff that requires an nsec just create a new account you do not care about and use that

nostr:nevent1qqsrqy9uwlaa432uwmw8txfqmddcc39p0j7h8h848dp7m3k3ck4qxgcpzpmhxue69uhkummnw3ezuamfdejsygqyey2a4mlw8qchlfe5g39vacus4qnflevppv3yre0xm56rm7lveypsgqqqqqqs4xjtjk

Avatar
ChipTuner 2y ago

What about a vault backed extension? Keys never leave the vault machine unless accessed physically. Signing happens on the machine, browser never sees any of it. Self hosted of course but could scale if needed. Advanced MFA could happen with browsers which is nice as-well