Replying to jb55

password managers generate a unique password for each website. this means if one of your passwords leaks it won't compromise any of your other website logins.

nostr-login is a regression: if you leak your nsec then they have access to every website that you've ever logged in to.

using your npub for logging into everything is a really bad idea security-wise, please be conscious of this before implementing or pushing this as a login solution to websites which may contain sensitive information.

Renee Vandervelde 1y ago

This is also ~pretty much true of all single-sign-on schemes like Apple/Google's.

I've been annoyed for a long time that logging into YouTube on a device also technically logs me into Gmail.

Unique sites should get their own unique secrets.
