I'm curious. This is a question for people that do not use a signer and put their insect into apps. Where do you store your insect at? And if a new mobile app requires you to put your insect in how do you get it over to that app to paste it in? #asknostr
Please share I'm very interested in answers here.
I donβt know if many people are going to reply with βhereβs where I story my insectβ
but Iβve considered this as an option for data storage
https://github.com/superbacked/superbacked
I would love to run a bunker locally but I think I need an x86 machine because I canβt get it running to save my life.
I don't see why not. I store mine in. Markdown document. They don't have to be specific. I want to know the flows they take to get it from point a to point b. Since they have to do that a lot of theyr trying out apps.... People saying amber sounds like bad us. Bad ux sounds like trying to get it from one device to another without going over the Internet every time I want to try a new app.
I donβt know, like I said, I canβt even get nsecbunkerd to run after about year of trying. Personally I donβt want to rely on having an android phone app be the end all be all for my insect. I would prefer to run the bunker code and relays myself to ensure I have connectivity
I would never ever suggest an app or any software to be the final solution to store your keys. I only suggest an app as a signer to be the end all be all to signing with those keys. Storage is much simpler. Get a flashdrive and put it on there...
A password manager fixes this in most cases.
Another app...
Itβs built into the iPhone
It's still another app. Same thing everyone is complaining about that don't want amber. Integration with separate software bad for some reason. Even though the ux is the same...
But itβs not like you need a different password manager for every kind of app.
I'm not sure I see what you're saying in comparison to amber? What's the flow like using a password manager and getting the nsec into new app you're trying?
Still copy and paste from a third-party password manager. If you use the native iOS password manager it can autofill without having to store it in your clipboard, which is the least secure step of the process.
You do not copy and paste from Amber.
I know. Iβd love it if someone could find a way to bring that to iOS but it may not be possible.
It's definitely possible.
nostr:nprofile1qqs827g8dkd07zjvlhh60csytujgd3l9mz7x807xk3fewge7rwlukxgpz9mhxue69uhkummnw3ezumrpdejz772u5wm any interest?
Doesn't iOS have aegis already? I never tested it so I don't know how it works
Yes, it works as a bunker.
Works with like 4 apps from when I tested it out. Not sure if it works with web stuff yet.
And thereβs nowser
Links?
https://testflight.apple.com/join/DUzVMDMK Aegis for Nostr
Quick with the whip π€
Any apps use this yet?
Safer than copying and pasting from a text file.
Well Yea... That's why I do it once. To amber...
But since I canβt use Amber on anything except Android, it doesnβt help me much.
Yea iOS should have an equivalent. Nostore is a good signer but still has internet permission of I'm not mistaken. I'm not comparing amber to a password manager. Amber is a signer. It's role is more than password management. It's nostr key management. Inherently more specific in its use case.
Nostore (deprecated) was replaced by Nostash (a fork by nostr:npub1yaul8k059377u9lsu67de7y637w4jtgeuwcmh5n7788l6xnlnrgs3tvjmf) that works fine for browser clients using Safari, but there isnβt anything that can sign inside apps.
A password manager isn't another app for me because I also use it for 500+ other passwords
Amber would be another app
I'm not oppoed to Amber, I just don't have any need for it myself. If I wanted to try a bunch of nostr apps, and for some reason I was opposed to using a separate nsec for testing, I'd probably be delighted to have Amber.
Just because you use it for more things does not make it a separate piece of software.
Oh I absolutely want it to be separate, for the same reason that people want their signer to be separate.
But since I already have a password manager it means it is not an extra app. Using a signer app would mean doubling the number of nostr apps on my phone.
Again, if I use a dozen different nostr clients and wanted them to all use the same account, I'd be all over having a signer. Different software for different use cases.
Your password manager is still handing over your private key to a client and you're trusting your client to handle it properly. That's the problem. The password manager is not a secure solution. The password manager itself will keep your key secure but the client you hand it to may not.
Like I said, I would use a different account for a sketchy client. You asked how other people handled this problem, and I'm telling you. No need to get snippy just because you don't like my answer.
I'm not trying to be snippy.
I thought nostr:npub1zmc6qyqdfnllhnzzxr5wpepfpnzcf8q6m3jdveflmgruqvd3qa9sjv7f60 made an excellent point. I donβt like having to copy and paste my nsec into anything, especially because it stays in the clipboard and can be pasted accidentally. Thatβs been a problem since the start.
I donβt copy and paste, I autocomplete, never lands in the clipboard.
I store my insect in a mason jar with holes poked in the lid so it can breathe.
Good idea.
Voice to text and typostr strike again!
I use amber now.
But previously I would just go into amethyst's setting and get the nsec
So you just onboarded with amethyst and never backed it up anywhere? Do you have a backup not on your mobile phone?
Yikes, I know people who have lost their phones and forever locked themselves out of their profiles.
I think I did that. I mostly think it's fine if i need to start afresh, which may or may not be a typical view. No idea
I'm pretty sure I stored it somewhere in my email maybe or in my documents on laptop or etc.
Would I actually bother to find it, if for some reason I got locked out of my account? Not even sure it's worth the effort of trying to remember where it is lol
Its in my password manager
What manager do you use?
What's the flow from your manager to trying a new app?
It recognizes those as password fields at least in the apps I tried. I wasnt aware of amber before but for amethyst and primal I didnt really need to worry about getting my nsec stolen. Amethyst is my goto app and primal my backup as I notice in amethyst I sometimes dont see things.
I have it messaged to myself in several e2e messengers. If I need it, I find it and copy&paste where it is needed.
I didn't even think about having it saved in a password manager... So I'm glad you asked this question.
My backup is on a flashdrive with a QR in addition so I can scan it with an external device if needed. I'll never need it again until I get a new phone since I use amber. On desktop use nos2x. Hence the backlash for not having amber support. Because people like me are not going to go digging up their nsec just to try a new app... I already have it secure in amber. I know all the places it's at. If I go putting it in everything I try I now have to remember it's there and trust they some mishandle it.
Yeah. That's smart! And I very much agree.
I like the idea of a paper backup on QR. Too bad no clients (besides Amethyst) support this as a login method.
Well... Amber supports a qr scan of your key too... π
I wouldn't really recommend it for most apps for the same reason I wouldn't recommend apps that don't support signers. I have to trust the client with the key. That's a no no for me.
That would be ideal. If I didnβt use iOS, I probably wouldnβt even think about it. Iβd just be using that and an extension on my browser.
That's how I roll π
You can also use amber to interact with desktop apps. But basically no desktop app has it where I can scan a QR on a desktop with the callback to amber. I'm working on it for grain. But essentially you click login with amber on a desktop app and it ask either to proceed with amber (mobile web) presents a qr to scan on desktop that calls amber from your phone. But I think in that case it might still be handing your key to the client. I don't really know. I got amber working but tried a few times to get the other flow, couldn't get it working and went on to other things. nostr:nprofile1qqsd6ejdteqpvse63ntf7qz6u9yqspp4z7ymt8094urzwm0x2ceaxxgprdmhxue69uhhg6r9vehhyetnwshxummnw3erztnrdakj7qguwaehxw309a3ksunfwd68q6tvdshxummnw3erztnrdakj7qg3waehxw309ahx7um5wghxcctwvshskcpe2h has a little experience here.
KeePass DX with magic keyboard
Woah. Sounds fancy. I've of keep ass but never heard of DX or magic keyboard. Very interesting. I'm learning a lot in this thread. That's why I asked.
Thanks for the response!
I dont use any extension i put i nsec everywhere. I know where in what apps. My nsec is saved in my phone. Its been like that for 3 years. I use my raw nsec so what its been a very long time and guess what exactly nothing π
Is this the origin story of the next Hodl? 'Insert your insect to log in'
Sorry friend, just teasing. You were probably trying to type 'nsec', but auto correct is never our friend!
on android I just use Amethyst, so I just share with that one app, same as having to trust one signer. On the web i use my own extension as a signer.
π
1. I store my nsec in my password manager.
2. I only use two nostr apps, and I use Nextcloud to get the password database from one device to another, and then the password manager tyoes it in for me. I do not paste it in. It never hits the clipboard
just in a .txt file on persistent storage of my usb flash with TAILS system.
Nice
Damus iOS prompts to save in your password manager
