Perhaps it would make sense to post a list of signing extensions on the login page, and recommend that people use those rather than entering an nsec, or perhaps you already do that?
Discussion
Yep, nsec login is already discouraged in Coracle's login process.
Why have it even as an option?
Keys are simple, external 3rd party dependencies aren't (and, as you note, may not be any more secure). It's all about ease of use for non-technical users. But the days of nsec login are numbered, we just need really solid flows for secure custody. nsec.app comes close.
Entering a private key into a web app is much less secure than a signer app or extension. However, a signer app still can have its issues, just less.
A few of the issues:
- Phishing attempts from similar looking domains.
- Hot loading code from a remote server, not signed releases from the maintainer.
- Encourages entering nsec somewhat carelessly into more than one web app. It could be entered into a clipboard, which as been another vector of attack.
- Users habits of this type of behavior from passwords on every other web app. Passwords can be reset via email resets, a private key can not be reset. It can thus not communicate the importance of it not leaking, and thus careless backups and storage.
None of that is good for non-technical users.
Great points. Web apps also have lots more supply chain attack vectors than single-purpose signers might. I especially like your point about training users. Lowering security to accommodate UX doesn't do anyone any favors.
What are your thoughts on https://app.nsecbunker.com/?
It's a good start, but ultimately a custodial honeypot. Self-hosted bunkers are much better, but hard for normies. Multisig could be a great way to solve this, I know it's been worked on some.
start establishing the self hosted bunker paradigm now. its going to be necessary for the internet of the future
The use case for it I think is limited to cases in which delegation is a need, for example for an organization with employees.
It being any kind of added safety or security, I think is a far stretch and confusing use of naming.
It's often custodial and by that nature already leaked; not your keys, not your profile. As for it being self-hosted, a simple signer app that isn't remotely accessible or managed has much less risk.
I am guessing two possibilities:
1. The friction to onboard new users would be pretty high as it currently stands, if they have to go and figure out using a key extension.
2. The developer, in this case @hodlbod, would need to trust that the signing extension options are excellent, and have been audited rigorously.
I can imagine that as a developer, if one knows one is acting in good faith, it might be easier to trust oneself and one’s intentions, than those of others?
Curious to hear thoughts, esp from developers nostr:npub1jlrs53pkdfjnts29kveljul2sm0actt6n8dxrrzqcersttvcuv3qdjynqn nostr:npub1xtscya34g58tk0z605fvr788k263gsu6cy9x0mhnm87echrgufzsevkk5s nostr:npub1gcxzte5zlkncx26j68ez60fzkvtkm9e0vrwdcvsjakxf9mu9qewqlfnj5z nostr:npub16c0nh3dnadzqpm76uctf5hqhe2lny344zsmpm6feee9p5rdxaa9q586nvr nostr:npub1g53mukxnjkcmr94fhryzkqutdz2ukq4ks0gvy5af25rgmwsl4ngq43drvk nostr:npub1v0lxxxxutpvrelsksy8cdhgfux9l6a42hsj2qzquu2zk7vc9qnkszrqj49 nostr:npub1xdtducdnjerex88gkg2qk2atsdlqsyxqaag4h05jmcpyspqt30wscmntxy
Nsec login definitely doesn't make much sense, aside from "bunkers are high friction for now so Damus users should just paste nsec". This will improve as bunkers improve, I will share a significant step forward in this area next week.
Local nsec signup makes total sense - let users start asap but then let them export nsec to a bunker. Nostr-login widget has this option built-in, only works with nsec.app for now but will be proposed as NIP upgrade when we are confident it's good enough.