Apps probably shouldn't allow users to sign in with nsecs these days. Just creates extra work for the app builder imo. Is there any benefit, besides user convenience?
Practice safe nsecs, don't raw dog it into any apps. Use a signing extension. Nos2x, amber etc.
If you did this with coracle, my take is probably nothing will happen, but you can't use that nsec to store any kind of nutsack/ecash anymore.
I do applaud nostr:nprofile1qqsf03c2gsmx5ef4c9zmxvlew04gdh7u94afnknp33qvv3c94kvwxgspz3mhxue69uhhyetvv9ujuerpd46hxtnfduq35amnwvaz7tmjv4kxz7fwwajhxar9wfhxyarr9e3k7mgprdmhxue69uhksmmyd33x7epwvdhhyctrd3jjuar0dak8x6lmt90 for doing the right thing and disclosing, this is a major mistake and a devs worst nightmare. But it's also a user mistake to just paste your nsec into websites. This won't be the last time a security flaw will be discovered.
Discussion
No replies yet.