I'm also not even close to an expert on the Nostr protocol, so I'm speaking from an amateur perspective. I would reference other people's input, but I think I'm educated enough to spot potential low to intermediate security issues. Passkeys on the surface (as I'm learning more) don't seem right for me.
Discussion
Of course. In the end it boils down to adaptability, right? If it doesn't sit right, then probably it doesn't for a lot more people as well, which then becomes the problem to solve.
One of my jobs in my household is tech and security. So a lot of times my takes are based on what I see from truly amateur users (like my wife). She is super trainable on this stuff (meaning she does what I tell her to), but she also is about as clueless as one can be lol. Which is probably 99% of people. So I'm always trying to get outside of myself when thinking about and implementing security measures. What is the dumbest shit I could do, how do I mitigate those things, and what am I most likely to actually do (security fatigue)? Finding balance is difficult and there isn't one perfect solution. For example, I don't think OTP and password manager apps should be accessible from the device being used to log in. But few people are willing to carry a separate device. So maybe you force a PIN or login to those apps. Stuff like that. I'm learning and thinking about this stuff frequently.
Haha yeah, that's exactly how it should be! But yeah, 2 devices is definitely a chance.
I think OTP already brings the odds down to 99%, don't you think? Combine that with 7 billion people in the world, we need not worry about the 1%.