Not sure if possible or how it would work, but for logging into web apps and clients could a user use their verified NIP-05 and connect it to 2FA? Is that possible to eliminate browser extensions and the need for pasting your nsec? #asknostr #grownostr

Discussion

2FA is terrible and should be avoided since nearly all 2FA methodologies are about metadata harvesting and not about securing anything.

Mobile number as 2FA is simply the worst. You don't actually own it, so it can be easily hijacked... And now a random website has your phone number.

Yup.

Yubikey or Ledger Flex seems best now.

Where would your private key be stored in this idea? Would it be held by your NIP-05 provider and the client would call out to them whenever it needs an event signed by you?

You would still hold the private key. You would just use the NIP-05 as your login credential.

I guess I am confused. Logging into what? A client? Doesn't matter unless that client somehow has access to your private key for signing through that login.