I'm curious to hear your thoughts on multi-guardian security, where email could be just one of the options. This would open the door to "social recovery", which I think is probably the best recovery method for non-technical people.

I'm not entirely sure how to implement this into Nostr, but maybe it's worth exploring?

https://www.ready.co/learn/what-is-social-recovery

https://vitalik.eth.limo/general/2021/01/11/recovery.html


Discussion

Social recovery of keys with Shamir secret sharing is a great tool, and under-utilized so far. I actually recently wrote a NIP for key migration: https://github.com/nostr-protocol/nips/pull/2137

The project I was alluding to before is less secure, but is more user-friendly. It uses Shamir secret sharing to shard keys to multiple custodians who can then collaboratively sign events using FROST. The user can then recover their key (or log in again) by going through an email based challenge flow: https://github.com/coracle-social/pomade

I should also say that in theory the "mailer" and the "email address" could be anything, so you could implement recovery via Twitter DM, SimpleX, carrier pigeon, etc.
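To make the threshold idea in the reply above concrete, here is an added, self-contained example of Shamir secret sharing over a prime field; it is not code from pomade, the NIP, or any poster in this thread. It assumes a 256-bit secret key given as hex (the secp256k1 field prime is used as the modulus, so any 32-byte secret fits), splits it into `n` shares of which any `t` recover the key, and shows that a subset smaller than `t` does not. The distribution of shares to guardians, the challenge flow, and FROST signing are outside what this example covers.

```python
"""Added example: t-of-n Shamir secret sharing for a 32-byte key (hypothetical helper code)."""
import secrets
from typing import List, Tuple

# Field modulus: the secp256k1 base-field prime, larger than any 32-byte secret.
P = 2**256 - 2**32 - 977

Share = Tuple[int, int]  # (x, f(x)) evaluated on the secret polynomial


def split_secret(secret: int, threshold: int, n_shares: int) -> List[Share]:
    """Split `secret` into `n_shares` points of a random degree-(threshold-1) polynomial.

    f(0) is the secret; the other coefficients are uniformly random in GF(P),
    so any `threshold` points determine f(0) and fewer reveal nothing about it.
    """
    if not 0 < threshold <= n_shares:
        raise ValueError("need 0 < threshold <= n_shares")
    if not 0 <= secret < P:
        raise ValueError("secret must be an integer in [0, P)")
    coeffs = [secret] + [secrets.randbelow(P) for _ in range(threshold - 1)]

    def f(x: int) -> int:
        acc = 0
        for c in reversed(coeffs):  # Horner evaluation modulo P
            acc = (acc * x + c) % P
        return acc

    # x = 0 is never used as a share index because f(0) *is* the secret.
    return [(x, f(x)) for x in range(1, n_shares + 1)]


def recover_secret(shares: List[Share]) -> int:
    """Lagrange-interpolate the supplied points at x = 0 to recover f(0).

    With >= threshold distinct shares this is the secret; with fewer shares
    the result is a uniformly random field element, not a partial leak.
    """
    xs = [x for x, _ in shares]
    if len(set(xs)) != len(xs):
        raise ValueError("share x-coordinates must be distinct")
    result = 0
    for i, (xi, yi) in enumerate(shares):
        num, den = 1, 1
        for j, (xj, _) in enumerate(shares):
            if i == j:
                continue
            num = num * (-xj) % P
            den = den * (xi - xj) % P
        # Modular inverse of the denominator (Python >= 3.8).
        result = (result + yi * num * pow(den, -1, P)) % P
    return result


def split_hex_key(hex_key: str, threshold: int, n_shares: int) -> List[Tuple[int, str]]:
    """Convenience wrapper: hex secret in, (index, hex share) pairs out."""
    return [(x, format(y, "064x")) for x, y in split_secret(int(hex_key, 16), threshold, n_shares)]


def recover_hex_key(hex_shares: List[Tuple[int, str]]) -> str:
    """Inverse of split_hex_key."""
    return format(recover_secret([(x, int(y, 16)) for x, y in hex_shares]), "064x")


def demo() -> bool:
    """Constructed 2-of-3... actually 3-of-5 walkthrough; returns True if all checks hold."""
    # Constructed sample secret, NOT a real key.
    key = "1" * 64
    shares = split_hex_key(key, threshold=3, n_shares=5)
    ok = recover_hex_key(shares[:3]) == key            # any three shares suffice...
    ok &= recover_hex_key([shares[0], shares[2], shares[4]]) == key
    ok &= recover_hex_key(shares[:2]) != key           # ...two do not
    return ok


if __name__ == "__main__":
    print("3-of-5 recovery works:", demo())
```

The guardian model in the reply maps directly onto this: each custodian holds one `(x, share)` pair, and a recovery needs `threshold` of them to cooperate, while a lost or compromised minority of shares is useless on its own.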