How do you recommend people to manage their nsecs? Where to create them? Where to store them?
Have my own ideas but I'm trying to figure out what is the sufficiently-secure but also convenient model to not overwhelm newcomers.
#asknostr
Discussion
Amber is great on Android.
Shows the keys are separate from the client and the protocol from the beginning whilst stroll being user friendly.
This is my go to for now.
What about storing longer term?
Once we get proper derived keys and key rotation, then root key needs to be on steel in multiple locations. Maybe even some sort of multi-sig for npub generation.
Securing your identity is arguably more important than securing your money. 👀
No entiendo muy bien, amber es como si firmara mi acceso a Amethyst? , y están separados pero podrían hackear mi android y ver mi nsec en Amber??
Sí, Amber es un firmante remoto (local). Piense en ello como una billetera de hardware bitcoin en su teléfono.
Amber almacena las claves en el elemento seguro del teléfono, por lo que es seguro a menos que alguien tenga acceso a su teléfono desbloqueado. También puede agregar un desafío biométrico adicional dentro de la aplicación.
Gracias, y no todos los clientes lo soportan no?. Y como guardar por si se extravía el teléfono por ejemplo?
I use Bitwarden
Create nsec with Amber, write down seed phrase, only connect to clients that support Amber/nip46.
Thanks 🙂
I save my nsec in my secure vault in bitwarden.com and I have a copy in the saved messages in Telegram for convenience 🤷♂️
My stomach can tolerate bitwarden for nsec but not Telegram
I would not use that
I understand, but i am in the process of tryings new Nostr clients, and it is too engorroso 🙄 to open bitwarden too often 🤷♂️
Use an explorer extension or amber in android
No entiendo, por qué?
To save it, we can use a pencil and white paper