what nostr clients use seed phrases for login? prob good for noobs to use those clients to generate their key pair. is there a reason why every client doesn't use seed phrases?
Discussion
oops wrong link
I agree that noobs should definitely be doing identity generation with seeds rather than just bare keys. Makes derivation possible in the future as well.
I think the only reason it's not more common is that is wasn't common in early clients and newer clients have built from there. 🤷♂️
yeah i like how nostr:npub1h0uj825jgcr9lzxyp37ehasuenq070707pj63je07n8mkcsg3u0qnsrwx8 makes use of derivation.
being able to add a passphrase when creating an account is nice too.
I likely won't be implementing it into my NVault app for key generation. NVault is for advanced user's anyway but I want user's to have the largest possible rng key-space.
Using a seed phrase is a good choice for wallet accounts, while a keypair is more suitable for Nostr social accounts IMO
I've never really understood seed phrases, except for use in reducing error for physical backups (or memorization). These are not things people do for nostr keys. For every other situation, copy/paste from a password manager exists, which is actually _more_ familiar to new users, particularly to people who use password managers with strong passwords.
I mostly like it for being able to add a passphrase that could be stored separately. I only said noobs because they don’t have a key pair yet. I eventually realized I could just store my ncryptsec instead of nsec in my password manager. This way you’re not totally rekt if you accidentally paste the value from your password manager into something.
nostr:note1kr7umsjpmkem8k6rhswz9rmf6vuhmny2sk5fxpy00ljhlgmw9casuz9s96
Also, way easier to write down if you don’t want to keep it stored digitally
ncryptsec is good, and I need to add support for it
Haha I’ll take a look at it
Well do be fair, I don't ever want a user (including myself) to have an nsec that accessible. It's not a password. I have to jump though about 5 hoops to see my nsec on purpose.
Yeah normal passwords can be changed if you accidentally leak them
Exactly! I just don't think we should have much access to nsec's at all in the long term. Remote signing (in many ways) should be priority, that or some type of delegation that makes leaked keys useless. This one key compromises all is a problem.