Nostr Web Client

Yes. Also google/facebook can impersonate you here, without you knowing. You could do multi factor account recovery via nip05 if you really wanted to. But that opens up some trade-offs.

DataNostrum 2y ago

Concerning recovery, what do you think of this?

nostr:note1utlmh036g2qvjf6373x9dzyaf4x5dvyqjhmvvkzkqkw3gjeft37q3fgvtp

Reply to this note

Please Login to reply.

Discussion

Melvin Carvalho 2y ago

Yes, it could work in some situations. But the attacker could also add a failover. Or add a failover and wait. Two way verification with other networks would allow you to revoke and restore keys with higher confidence. We dont have a way to roll over keys, that all clients accept. And if something gets rushed through the NIPs we may be stuck with something that has weaknesses and hard to replace.

I like something like this, with OP_RETURNS, it tracks new keys.

https://nostr.directory/p/melvincarvalho