Nostr Web Client

#askNostr Why do many clients say that logging in with the private key is not secure, and some, like Coracle, don't even allow it? Isn't the private key transmitted over HTTPS, just like any password? What is insecure?

OceanSlim 1y ago

You're trusting the client handles the key appropriately and doesn't store it or leak it in the future or worse do something malicious on purpose. Logging in with PK is handing your PK to the client. Doesn't really matter if it's securely transmitted. Use a signing extension on web (nos2x) or a signing app on mobile. (Amber)

Reply to this note

Please Login to reply.

Discussion

No replies yet.