In theory unless you’re validating each signature external to the client, they could also be signing arbitrary events and saving them for future blackmail or info war. It would be great to have an external super quick and easy 2FA on all outbound signed notes. Does this exist?