Replying to Avatar ManiMe

buuuuut … Encrypting nsec for private (everyday) use should still be best practice.

So … right now, I see the best “normie” onboarding experience is to simply encrypt and store (not share) their new nsec “in the cloud”. Let their “web of trust” do the key education. Here’s how:

- incentivize “nostr advocates” to invite their friends.

- ask for U&P (only) upon invite.

- create Nip05 with username.

- encrypt nsec with password.

- allow for logging in ( anytime to the onboarding client) with U&P and pasting OUT encrypted nsec for use in other clients.

- encourage advocates themselves to educate their new friends about key management, recomended clients, quality content and follows, and other Nostr pro tips all from WITHIN the onboarding app.

Tell me there’s a better way for onboarding today…
Avatar
ChipTuner 1y ago

If we are strictly talking on-boarding, can't argue with that. A simple and secure solution first/default. If they want to leave/branch to other clients they can learn how to extract their keys, or try more secure management solutions.

Once client apps get better I can't imagine there will be as much client swapping as we do today. So it doesn't have to be easy to swap clients. I wouldn't swap so often if each client didn't have major UI issues that cause me to switch between them.

I also have to imagine some (or most) mobile clients will simply setup a nip46 signer in-app in the future anyway so if users want to try other clients they just need their starter app which is currently holding their keys, no nsec extraction necessary.

Reply to this note

Please Login to reply.

Discussion

Avatar
ManiMe 1y ago

To your point … I’d like my onboarding client to double as a signer … but without key custody…. In the future.

This is how I see onboarding best practice…. Now all we need is funding to move fwd… 🤷🏻‍♂️

Avatar
ChipTuner 1y ago

>Now all we need is funding to move fwd

Same brother!