Yeah when someone explained that Nostr uses browser extensions to save keys, it made total sense. But as an end user I feel like I had no prior expectation that that would happen
Installing a browser extension to log into an app isn't very intuitve
Discussion
You can log in with your private key directly if you want. That's not too secure... Or you can use amber signer or a bunker (remote signers) "logging in" to nostr isn't really "login" in a traditional sense. It's "let me tell the client what my public key is and how I would like to sign events with my private key for this session"
Logging in has to be the biggest hurdle because it's fundamentallly different than the way you are used to signing into apps. You control the keys instead of just making a personal password that some central authority ties to some account in a central database. Your password on nostr is derived and never changes. There's no way to fix it. The only way to make it easier is better UI and education.
Shouldn’t really need to as a new user. We have too much paranoia around key security imo. Let new users just use it directly without extensions. Sooner or later they’ll learn best practices and can get a new key if they like. We all came here mostly with the Jack wave and no one used any extensions back then and look at us - we’re fine.