If you onboard a newbie to nostr, make sure to help them get the nsec into a password manager or similar.

Phones will be lost. Apps deleted. They don't know what they do, and with this (imperfect) backup in place they won't have to start from scratch.


Discussion

(Speaking from experience obviously; someone reached out to me and I wasn't able to help them recover. All they had was the npub)

Exactly 🫡

Look at that note1kq9rftjj6mly6uddu2fn6yffe89jzsgrrpzyu05jecjpy95kv9zquyhkg0

I have my nsec in a PDF in cloud storage (One Drive)

Encrypted, right?

(And why a PDF?)

Nope, not encrypted 🤔

Extremely risky.

Use the ncryptsec format.

Or also a password protected zip is fine.

👀

ALTERNATIVELY, "IF THEY'RE A NOOB, CUSTODY THEIR NSEC FOR THEM AND CHARGE RENTS." - FIAT SMOOTH BRAINS

My "similar".

Yes.

#YESTR

What are thoughts on stamping nsec on the same piece of steel that seed phrase is on?

There is no perfect. Password manager setup is the most well tested, robust solution we have. Nostr-specific solutions are experimental and are attempts to create a Nostr-convenient solution.

True. Even me…

Universal adoption of NIP-06 plzkthx.

Yes, good advice but don't forget to tell them not to do this for their Bitcoin seed phrases ;)

Indeed this is a critical point. There's nothing worse than using your Nostr app for 3 months and then losing your account because your phone breaks and you haven't saved your password anywhere.

Do you have any suggestion to improve this aspect on Nstart?

I would encourage the nsec to be stored in multiple places (and different mediums), just like any critical/important data.

I have mine written on paper, in a ziplock, in a "fire proof" safe, along with ascii txt files on external drives.
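A check that goes with paper, steel or plain-text backups like the ones described in this thread, added here as an example and not part of any reply: NIP-19 nsec/npub strings are bech32 (BIP-173), so a transcribed backup can be validated offline, and any single mistyped character is caught by the checksum. The sample key in the test is constructed, not a real key.

```python
# Added example: validate an nsec/npub backup string offline via its bech32 checksum.
CHARSET = "qpzry9x8gf2tvdw0s3jn54khce6mua7l"
GEN = [0x3B6A57B2, 0x26508E6D, 0x1EA119FA, 0x3D4233DD, 0x2A1462B3]

def _polymod(values):            # bech32 checksum polynomial (BIP-173 reference)
    chk = 1
    for v in values:
        top = chk >> 25
        chk = ((chk & 0x1FFFFFF) << 5) ^ v
        for i in range(5):
            if (top >> i) & 1:
                chk ^= GEN[i]
    return chk

def _hrp_expand(hrp):
    return [ord(c) >> 5 for c in hrp] + [0] + [ord(c) & 31 for c in hrp]

def _convertbits(data, frombits, tobits, pad=True):   # regroup 8<->5 bit words
    acc = bits = 0
    ret, maxv = [], (1 << tobits) - 1
    for value in data:
        acc, bits = (acc << frombits) | value, bits + frombits
        while bits >= tobits:
            bits -= tobits
            ret.append((acc >> bits) & maxv)
    if pad and bits:
        ret.append((acc << (tobits - bits)) & maxv)
    elif not pad and (bits >= frombits or (acc << (tobits - bits)) & maxv):
        return None                                  # non-zero or oversized padding
    return ret

def decode_key(s):
    """Return (hrp, 32 raw key bytes), or None if s is not a valid nsec/npub."""
    s = s.strip()
    if s != s.lower() and s != s.upper():            # bech32 forbids mixed case
        return None
    s, pos = s.lower(), s.lower().rfind("1")
    if pos < 1 or pos + 7 > len(s) or any(c not in CHARSET for c in s[pos + 1:]):
        return None
    hrp, data = s[:pos], [CHARSET.index(c) for c in s[pos + 1:]]
    if hrp not in ("nsec", "npub") or _polymod(_hrp_expand(hrp) + data) != 1:
        return None                                  # wrong prefix or bad checksum
    raw = _convertbits(data[:-6], 5, 8, pad=False)
    return (hrp, bytes(raw)) if raw is not None and len(raw) == 32 else None

def encode_key(hrp, raw):                            # 32 raw bytes -> nsec/npub string
    data = _convertbits(list(raw), 8, 5)
    polymod = _polymod(_hrp_expand(hrp) + data + [0] * 6) ^ 1
    checksum = [(polymod >> 5 * (5 - i)) & 31 for i in range(6)]
    return hrp + "1" + "".join(CHARSET[d] for d in data + checksum)
```

Run `decode_key` over the string read back from the paper or steel copy; a `None` result means the transcription is not usable and should be redone while the original is still available.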

The user is already instructed to do so and must confirm the step:

I would not want to block it too much at this point with specific instructions on how/where to save it. Maybe it could be added at the end.

That looks great!

If you want to provide more details, I'm thinking an external link for "Best practices for securing a key" would do the trick.

I think what you have now is fine without it though.

That's good. Mutiny did this well too. They had 3 checkboxes, the last one being "I am NOT just checking this checkbox to get it over with" or something like that 😅

Hahahaha, clever!

pow-WOW

POW/*

For backup, that's fine. No one should be comfortable moving their nsec around. It should never leave the password manager unless there is an issue.

I'm talking about noobies that have absolutely no idea what's going on. If they get rekt, they will reach out to the person that onboarded them. Or if they onboard themselves, they might remember that they put it somewhere.

I know. Newbies are the most likely to get rekt pasting nsecs all over the place. That's what makes me the most nervous.

Loss is more likely than compromise imho. At least that's what I've learned from onboarding people to bitcoin.

^

We have this option but people skip it a lot. May need to remind them often, like Signal does with PIN reminders.

Great UX for solving this problem

If not for this feature I would have long gone lost my first nsec.

But now I know what's going on so I know how to manage it.

Yes, periodic reminders are a good idea imho. Get reminded or get rekt

+1

#touchpaper

Hodl your nsec like a seed phrase 🙏

Most people don't even use a password manager. One size fits all.

"or similar" = notes, or a msg to themselves, etc

Would it be too paranoid to save the nsec only in offline devices and use it only with a hardware signer? Just like it is advised to do with Bitcoin. Impersonation could be a potential source of problems, especially if you are a well known person.

Just memorize the nsec 🤷‍♂️

Absolutely possibly if you convert it to 12 words. I might do this for this one, now that you mention it 🤔

Haha, I was being silly and then realized I wasn't sure if a 12 word standard method existed

Working on a simple ed. platform for the newcomers. Will cover.

ya, helpz

Yup, already happened to me lol. Got a new phone and never saved my keys so now I have two accounts, one with no access just floating in the nostr ether.

If I lost my phone and there's some Sats in the Primal Lightning wallet, would I use my nsec private key to recover them? Or another recovery method?

Thanks 🙏

Yes. We try to make this clear on our onboarding page https://rizful.com/get_on_nostr_today

Coinbase can store these too

I worry about the password manager being hacked one day… as you say an (imperfect)

Misplaced worry. It's similar to worrying about bitcoin being hacked.

👆👆👆👆👆✅

Thoughtful "worry" saves lives.

Misplaced worry drains all energy & eventually kills.

Use a local only password manager, such as keepass, and then back it up to a flash drive and other devices in your possession. At least that's how I handle my database. And I've never lost access to it.

I use keepassxc on one of my computers but I also self host a vaultwarden instance

I use keepassxc for my laptop and keepassdx on lineageos. I have been using it that way since 2019 and find that it works well. Since my phone is my primary computing device, that is where the main database lives. And then, about twice a year, I back it up onto two separate flash drives. I also have a copy on my laptop, but that one only gets updated if I specifically need something newer that I don't have already. I will do another backup if I make a very large change to it, such as adding a new crypto wallet or something so that I make sure not to lose that. But otherwise I found that it works quite well.

Great advice. I lost my first two NOSTR accounts due to this. I just save my nsec to notes 😀

We should stamp seed it on a plate, tbh

good advice..

nostr:note1dmxrhxs77j4cy9z943du9h4md62nzpgcqwpj0e4zeyfz7y3yyx5q88wsnc