Replying to Avatar Club Orange

#asknostr

we started working on nostr login for iOS and it looks like there are 2 options:

should we DM an OTP to your npub

or

should we ask for the nsec

?
Avatar
Sebastix 1y ago

No, do not ask for the nsec (just like you never ask for a seedphrase - not your keys, not your data).

So you need to handle a signed piece of data. Your existing users know something unique (a password) which they can use to deliver that (with their nsec) signed piece of data.

With a Nostr keypair you don't need to manage/store any passwords and I can imagine that quite a migration you need take care of.

That said, using an OTP can be a temporary way to login...

Reply to this note

Please Login to reply.

Discussion

Avatar
Club Orange 1y ago

We’re going to doing something even more private. Stay tuned.