Pasting private keys feels dirty.
Discussion
Don't do it. Use #[2] on Desktop, and a native app on mobile (Amethyst on Android, Damus on iOS)
Yeah, I've got Amethyst and also testing Iris after a few recommendations.
Too late now I know, but what's the flow with Iris/Alby?
Alby, as you probably know, is a browser extension. You can connect your LN wallet, called "Account" (multiple backends supported: LND, CLN, Lnbits, LNDhub etc etc) , and use the Alby extension to store your Nostr Private Key in that Account.
When you log in to Iris (or most other web clients, such as snort.social, hamstr.to, astral.ninja) there is the option "Log in with Extension" which will pop up Alby. [Kollider has a similar extension, but there you cant connect your own, non-custodial LN wallet]
Every Nostr event that required signing with the Priv key, such as Post, would pop up Alby extention promting you to approve, But you can also use auto-approve (It's called "Always trust this site" or somethign similar..)
Essentially, the extension is a bit like a password vault to safely store your private key, and only load it up when you need it to sign.
try snort.social for desktop
If using web clients, I recommend installing the chrome extension nos2x for handling authentication more securely.