I love the decentralized nature of Nostr, but I have a nagging concern about my Nsec. If this secret is ever compromised, my entire identity across Nostr is compromised.

Is there a method to rotate breached nsec based on my npub? How would this work?

I would only possess an authenticate token, my npub, that anyone would know or could find out. I like how private Nostr is, but without having my nsec/npub associated with another identity like my email, it seems like I must protect my nsec at all costs.

I store my nsec in 1Password, so I’m not overly concerned about disclosure of my nsec locally, but I worry that another strength of the Nostr ecosystem (as I understand it after using it for 48 hours) could prove to be a security weakness: all Nostr clients must protect my nsec equally. If one of them ever mis-handles this secret, my entire Nostr identity is compromised.

Am I understanding Nostr Authentication properly?

#asknostr