We have carefully designed Rizful for maximum security. At the same time, we have found that too many Nostr users have poor security practices with their private keys. (For example, entering private keys into many websites and apps.) Since real money is involved, we don't allow users to login via Nostr, and we don't ever ask for your private Nostr key. A combination of email/password, plus optional two-factor authentication, is the battle-tested and secure way to protect your Rizful account. This also means that, if, in the future, you make a mistake with your Nostr keys, your Rizful account won't be vulnerable.

Basically, we believe that your IDENTITY is OK to trust to Nostr signing, however, your FUNDS are not ok... it's like using the same login/password for your email as you would use for your bank... not a great security practice. I know this is controversial, but we are really 1000% focused on security.