Regarding browser addon for signing Nostr messages:
Is it worth it to have a manual approval each time you have to sign something? I'm thinking of a PIN or even a password.
The idea is that the private key is stored encrypted without the extension to know the encryption key. So each time you need to sign something you, the user, need to enter that encryption key. It could be in the form of a PIN or a password, which you have to enter every time.
Does it make sense? is it too much?
GitHub discussion here: