#asknostr

we started working on nostr login for iOS and it looks like there are 2 options:

should we DM an OTP to your npub

or

should we ask for the nsec

?

Discussion

Never ask for the nsec.

No, do not ask for the nsec (just like you never ask for a seedphrase - not your keys, not your data).

So you need to handle a signed piece of data. Your existing users know something unique (a password) which they can use to deliver that (with their nsec) signed piece of data.

With a Nostr keypair you don't need to manage/store any passwords, and I can imagine that's quite a migration you need to take care of.

That said, using an OTP can be a temporary way to login...

We’re going to do something even more private. Stay tuned.