How about biometric authentication or pin? For mobile
Most phones equipped to handle and pin as an option?
Would def appreciate this as an option nostr:npub1xtscya34g58tk0z605fvr788k263gsu6cy9x0mhnm87echrgufzsevkk5s
I guess if you signed up you’re already logged in. Maybe pin doesn’t solve anything 🤔
Need a keychain type of access
I often wonder why apps don’t have some standard method of requesting permission to sign messages with designated keys from the device’s keychain, without accessing the private key directly. Is that not something the keychain API can do? Feels incredibly primitive juggling private keys in different apps and relying on devs to be trustworthy and responsible and not screw you over in some supply chain attack.
I think the Secure Enclave can only store secp256r1 keys, so no
Eventually they are going to have to support broader cryptographic functionality. The current situation is untenable and third party keychains can’t fill the gap without introducing additional attack surface. The only alternative is hardware keys but that gets annoying if it’s just for social stuff like nostr or PGP.
secp256k1 keys in Apple's Secure Enclave would be huge. You could have a bitcoin and nostr hardware wallet in your pocket.
When I was little I saw a movie where bad guys detached body parts and cut fingers to get biometric access to a vault.
To this day I can touch a fingerprint phone with a ten meter pole.
Biometric = bad?
In my view yes.
When you attach your access to your body parts, you're jeopardizing your life.
We've seen what they do to steal bitcoin or jewellery.
If that’s the case it would already be an issue, yet I don’t see people going around chopping fingers or gouging eyeballs …
Can't compel a password out of someone in the US, but biometrics can be. Pins win in my book, but if someone wants to use it, why not have the option? 🤷‍♀️
Biometric and pins are just one part each of 3 of a secure authentication scheme.
Biometric = What you are
Pin = What you know
Then there's what you have/own = A cryptographic proof for example.
All three combined are the most secure form of authentication.
But 2/3 is always better than just one.
So I'd advocate for allowing to combine both Bio + pins for those that wish to.