We need to transition away from direct private key login. It's not only insecure and bad for onboarding experience, but it is also a bottleneck to this protocols development.

The majority of the web ecosystem is declining because a large percentage of people either don't understand what extensions are or haven't set them up.

No one is building native apps because they know that no one will use the app's private key for login.

Soon, there could be a security exploit, and keys may be leaked, resulting in headlines like "Nostr got hacked," and that will always stay with nostr.

All major clients must reach a consensus to establish a standard for disposable secondary keys.

How is this not a priority?