💯 people are so used to email as auth that fighting it at this point feels counterproductive. Trying to explain you don’t have a password, you have a private key, but it’s like a password, but you can’t change it, or reset it, or lose it.
Maybe we focus on bridging legacy OAuth with keys and just riding the semi-custodial rails for now. What’s the Venn diagram of Christians or Farmers and people who understand the importance of open internet standards?
A community needs quality content first, nobody arrives for the protocol (unless the community focus is the protocol - i.e. current nostr active users). Hardcore nostr folks who understand identity get frustrated and think everyone would just get it if you explain it properly, but the reality is very few will even listen. Do it for them, and then offer it up later should they need it.
Also, to pre-empt any “your key is not your identity” comments. Without a key, it’s just anonymous json. The entire concept of portability dissolves without the identifier. Nostr is an identity system with a collection of semi-documented schemas.
Some sites don’t even have passwords, they just email a pin every time you log in.
My issue is with Authenticator apps: I want standalone hardware for this, not a phone with some centralised company holding my 2FAs.
The email + pin thing is a surprisingly useful pattern. Damus adopted a form of it for their website login which is cool. Pushing it further, wonder if the key could be sharded across a collective of providers and you never even see it. It’s just out there.
RE: 2FA… different topic but if you are on iOS the 2FAS app is very nice and clean, open source, and you can store backups in your iCloud account. Not perfect, but better. Been moving off Authy.