Replying to Avatar Rizful.com

OK, so, walk me through this.

This is system it to log users into "Damus Purple", their premium service.

1. User has to be logged into Damus (with an nsec)

2. User submits a their npub

3. User is logged in to Damus Purple via the OTP sent via Nostr DMs.

Do I have that right?

The issue is this: I think a user's sats and a user's Nostr nsec should be firewalled -- for the same reason that normies don't log into Instagram with their Chase account, and don't log into Chase with their Instagram account. It's more secure to keep money separate from identity.

Or am I missing something?
Avatar
The Daniel πŸ–– 3mo ago πŸ’¬ 1

No, you got it correct. I guess my question is are the user’s sats safer using an email address provided by a centralized service that can be revoked?

https://www.pcmag.com/news/journalists-hacktivists-proton-mail-reinstates-suspended-accounts

Reply to this note

Please Login to reply.

Discussion

Avatar
Rizful.com 3mo ago πŸ’¬ 1

Sure, email addresses can be revoked. On any given day, for a Normie, this is a 0.0001% chance that this will happen. On any given day, for a Normie, the chance that they will misplace their nsec (or never even understand that they have an nsec, in the first place), are like 10%.

Avatar
The Daniel πŸ–– 3mo ago

So you wouldn't consider this even as a backup or alternate 2FA method for that reason?