Nostr Web Client

yes. and the lighting address is often publicly posted on nostr.

That makes sense (and accepting lightning addresses for password resets might have seemed like a reasonable feature, comparable to usernames).

I might suggest a clarification on the official announcement:

“Password request emails also have been requested for lightning addresses which falsely exposed the user's email address”

The phrase “falsely exposed” sounds alarming, but I think you mean that users might “falsely” conclude their email was leaked from Alby, not realizing that their lightning address could have been used to kick off the password reset.

Or am I misreading “falsely exposed” here?

Reply to this note

Please Login to reply.

Discussion

⚡ Dee Kay ⚡🇸🇪🇬🇧🇨🇿🇧🇷🇦🇹 2mo ago

You cannot login or request password request using the randomly assigned lightning address (which I had).

My account login email address was only known by Alby.

christopher 2mo ago

ok, according to another user, the password reset screen *did* reveal the underlying email address for a lightning address. not good!

⚡ Dee Kay ⚡🇸🇪🇬🇧🇨🇿🇧🇷🇦🇹 2mo ago

That would explain things and wouldn't be the worst scenario to be honest 👍