When trying a new client, I always generate a new nsec first, give it a try and see if it's even worth the risk.
Discussion
That’s a solid tactic. Apparently there is an nsec signer which could be a useful piece of hardware if it can protect nsecs from being compromised when moving between clients. Not sure how it works yet though.
I’m going to keep up with the space and be conservative with the attack surface I expose my nsec to.
Over time I think trusted clients and hopefully a trusted nip can be built / implemented that protects nsecs reliably. That or hardware that accomplishes the same thing.
Thanks for the input. Followed, zapped ⚡️🧡💜
Well, there is NIP-07 (browser extension) which is somewhat better than just blindly trusting the client, but it just moves the trust to the extension instead of a client.
There is also nsecbunker, which I am not entirely sure how it works yet.
If there was a hw key too, that would certainly be also very cool, tho I am not aware there is such a thing yet
https://shop.lnbits.com/product/nostr-signing-device
Not sure if it just holds the nsec securely or if it can protect from third parties cryptographically when entering in new clients.
Not sure yet, but it's just a microcontroller (esp32), which is somehow supposed to work with a browser extension implementing the nip-07 I mentioned above.
You still have to use a browser extension. What I'll have to figure out is how exactly communication between the browser extension and the device is supposed to work.
What I believe could be the case would be, that it would basically implement the nip07 itself and use the extension just to pass the data along to the client.
Clients also modify some configs, so if you use multiple clients they can interfere with each other 😞