Currently NSEC is acting as a one key to rule them all concept. People are plugging their one key into all kind of apps, some secure, many not. If any of those apps are compromised, your entire account and every thing you logged into is compromised.

This is akin to using one password on all your accounts. It's bad OPSEC.

What I mean is we need a way to create multiple keys based on that ONE key pair, similar to creating a unique password for every account. This way, if one Nostr based app is comoromised only that "baby" key is compromised and not the "master" key that it came from. An option to "freeze" these keys or delete would be even better.