Don’t paste your private key (nsec) on any website.
Use a browser extension like nos2x, Alby, Nostore or Blockcore Notes to keep it safe.
💯 Agree❗️
Would any of these extensions work on iOS and iPadOS?
Nostore for Safari on iOS.
Thank you. And how do I fill the nsec into the website login field from Nostore? I have applied the nsec in the Nostore settings, but I don't see how to fill the nsec into the Nostr website login field.
Click drop-down and the account you added should come up
I click into the nsec field, then click on extension - nothing..😼
Did you go into settings and create a user other than the default and put your nsec in there?
Nostore extension for Safari.
Just to expand the list, I will add “Tamga” or "NostrID": An offline first #nostr contact & profile manager for iOS! (Beta Mode).
This is obviously good advice. But aren't nsecs at risk when plugged into these extensions also? I am using Alby with some success but it doesn't connect to every client reliably yet. I hope to try the others soon. Any recommendations one over another? 🤔
Should I trust my key pair generated via iris.to?
I’m not sure I understand your question.
I generated my keys on iris.to, so they might have my priv key. I'm wondering if I could trust them or generate a new key pair...
You can either look at the code and see if it got sent or generate it offline using a tool like nostril etc.
I’m willing to bet that the key generation is done standard using a standard nostr library.
I used rana to generate mine. It was made by #[5]
Nice.
And as you said. Looks like OP made up their mind on potential key exposure.
Another quick tip byrger is to get to the key generation screen and shut off all network connections. Most of these things work client-side and you can cut off any phone home stuff.
What about Android, Cameri? Not many options? 🥺
What about pasting it into mobile apps such as Damus?
There’s nothing like that yet as far as I know.
Any thoughts on what to do when it comes to apps on your mobile? Of course I had to paste the nsec in Damus, also in Iris and also in Nostur, because I can’t use those signers on mobile within apps. I’m using Nostore when I try things on Safari, but for apps there is no choice, right?
I think because it’s a local app on your phone it’s safer, but not perfect. There isn’t a solution for mobile as far as I’ve seen but Nostore. That doesn’t work in apps so I think we gotta ride it out with pasting till then.
Yes, I’m struggling with that as I now see more and more apps popping up. I first try them with another test private key, and then once I feel it’s safe I go with my real one, but I hope none of those get hacked as it’ll be a big problem.
We don’t have a choice yet, but yeah, you shouldn’t be pasting your private key on random clients just cause they are native either.
The choice is:
- Use open source apps
- Verify the code or trust an independent source
- For developers: add key safety information
Quick look at the login page of #[4]
Nsec security is currently in the dark ages. When do we get signing devices?
But how safe are these extensions? 🤔
Fiatjaf wrote nos2x, and GetAlby is an LN wallet. Both are very well respected and trusted in the community.
You should do your own research cause you should not even trust what I am telling you.
Your post is getting a lot of shares.
Added to the https://member.cash/hot feed
How are browser extensions safer than websites, is it just the difference of not throwing your key anywhere and everywhere?
yes
So, don't use #[2] ? 🤣
#[0]
The separation between identity and features is at the core of decentralization
Does it have an option to regenerate a new code if needed?
Is nostrgram OK?