For the web based apps, yes! We need nostr oauth servers that can hold users nsecās. Users should have the right to download / backup their nsec, but if we could get a nostr login service that worked for users where they could login with phone number or email/password then thatād be better. Or hell, use third party oauth, so passkey or existing providers like googleā¦
Folks understand login with apple/google/twitter/Facebook. We should offer it.
Absolutely agreed, the average person will not save their nsec key and would not know where to save it. I know several people that even after I told them about password keepers like keepass are still using pen and paper to save their user and passwords. All of these people will just leave as soon as they think that they have to write down all of their nsec key on their password notepad š
And thatās fine, most people arenāt using these accounts for super secure things, if they do lose a key and have to start their account over from scratch, itās not a big deal.
It is fine indeed, but it would be nice if they could recover their account via email. If I were to build a system for this I would give the option of the ability to recover the account with email, if activated, you should have a disclaimer explaing you the risk of someone taking over the account and know that nsec is more secure. So people can choose convenience over security and enjoy nostr with us :).
The way I see it is that itās kind of like password managers, you should use them but many folks just re-use a couple passwords.
