I like the idea of revokable subkeys. You could use a shared cloud custodial login service for the subkey but keep the root offline or backed up. That way you could get easy login without giving up control.

Potentially you could inscribe controls over what a subkey could or couldn’t do. Which would be interesting.

nostr:note1n8tslzwrwqkl3msf7d6xhkjz6ll9pxfjz4v0cmdw47w3glj2tessv4qpk0