Replying to Avatar jb55

password managers generate a unique password for each website. this means if one of your passwords leaks it won't compromise any of your other website logins.

nostr-login is a regression: if you leak your nsec then they have access to every website that you've ever logged in to.

using your npub for logging into everything is a really bad idea security wise, please be conscious of this before implementing or pushing this as a login solution to websites which may contain sensitive information.
Avatar
Tim Bouma 1y ago

lud04 handled that well. A new private/pubkey was derived by the wallet for each domain you logged into.

Since an npub is more like an identity than an identifier if you have concerns you can generate or

derive a new npub for each site you log into.

Reply to this note

Please Login to reply.

Discussion

No replies yet.