I expected better than name calling from you.
Discussion
Lesson of the day:
I don’t care what you expect of me. Lmao
in order to be a successful influencer you must be an asshole
heads-up: we looked for a lightning address on your profile but could not find one... u can get a free one at https://rizful.com ... and then reply back to this comment so we can zap you.
I tried to get one but it required me to log in with email and password
Yes. Here is the note about that from the FAQ on our home page:
Can I log in with my Nostr account?
We have carefully designed Rizful for maximum security. At the same time, we have found that too many Nostr users have poor security practices with their private keys. (For example, entering private keys into many websites and apps.) Since real money is involved, we don't allow users to login via Nostr, and we don't ever ask for your private Nostr key. A combination of email/password, plus optional two-factor authentication, is the battle-tested and secure way to protect your Rizful account. This also means that, if, in the future, you make a mistake with your Nostr keys, your Rizful account won't be vulnerable.
We have noticed that many people use custodial email in combination with a generic password
Email is far more vulnerable than a private key approach
2FA can also work with Nostr
Sure, I will agree, for technically savvy users -- developers, etc., that a private key might be a better approach.
The issue is Normies -- people who have never touched a private key, and don't really even have "a place to put it".
The issue isn't just "security" -- the real issue is "I have this account with sats somewhere and I can't remember what the website is called or how I get back to it or what my password is." This is EXTREMELY common. Everyone knows the solution to this is to search their email for the right keyword and BAM -- there is the confirmation email from the service. Then you go to the service, do a "password reset" -- and you are back in.
If the user has not enabled 2FA, then you are completely right, a user can be hacked by someone gaining control of their email.
But I submit to you that this is not the usual problem. The usual problem is "how do i get back to the website where my sats are stored, I can't even remember the name of it."
I expect that 75% of Nostr developers and Linux users will vehemently disagree with me on this issue.
Fair
The other issue is this -- I am technically savvy, and when I FIRST joined Nostr, I mistakenly set up multiple separate private keys on different apps, and got fully confused, and then had to start over again.
If I had started my journey by ALSO locking my satoshis to the first private key I ever generated... I would have been very sad.