 Why do I need to set a password for my @nostr.build account? 
https://image.nostr.build/46564a610b603537aef7066a99fb55745c52f473cc5ba46610f78db733394100.jpg 
 Am I misunderstanding something?  
 I never want to create another account or set another password again. This is #nostr  
 On the one hand, yes. I love the convenience of using my nostr keypair everywhere. On the other hand... don't love the idea of all of my accounts being perma-pwned because I made a mistake and exposed my privkey. 
 #reckless 
 They can't lock you out if your private key is exposed though  
 I feel the same way. 
I love the idea of one login but like can I put protection on before adding it to a website? Especially on the phone 
 For real. I get so annoyed now when I have to  
 Canceled Password Culture with #Nostr 
 to unlock your passwordless nostr experience

"enter password" 
 You can still use your key pair and ‘nsec bunker’ to login, but like Fishcake said, it’s a security feature.
Also, a lot of people don’t want to use a keypair tool or login with their private keys. We have options! 
 I can't get past the "set a password" screen when trying to sign up for premium. Maybe I'm stupid 🤷 
 just breathe in




and blame the design 
 #metoo
 
 i also know your npub. if you dont password protect it, i guess i could access it 
 That's not how this works. That's not how any of this works or should work. Gaaaah  
 yeah I'm not an expert but npub logins seem wacky 
 @The Fishcake🐶🐾 
 Because that’s how we have had accounts in the beginning, where nostr authentication was added later. This also serves as a second layer of protection if you lose your nsec or if it gets compromised. 🐶🐾🫡 
 Alright, so that's technical debt is what you're saying. 

Please consider changing this. I don't want to deal with my password manager in the nostr world. Password managers are a symptom of a broken system, and imho #nostr fixes this.  
 Use the other login option. Don't need a password. 
 That's not the issue. I want to upgrade to a premium account and I'm forced to set a password.  
 Ah, I see. Only on the new account creation. 
 Isn’t the catch that you have to trust every app that takes your nsec? 
 But yeah the npub is public anyway  
 Outdated tech
nostr:nevent1qqsg4y2gxy9vj0qz3l08lvgxga3jg2s57qycqy3g4snzwavr3q0h6yqpr3mhxue69uhkummnw3ezucnfw33k76twv4ezuum0vd5kzmqzyphydppzm7m554ecwq4gsgaek2qk32atse2l4t9ks57dpms4mmhfxqcyqqqqqqgt3l5l6 
 I guess they are full and want to limit the access ! 
 You don't have to. You can login with npub+DM. 
 nostr:nevent1qqs8gvwtpgctsntylhj3hvm5usrth4rla2ty0rcyuxxqdqxez6jwuaqpz3mhxue69uhkummnw3ezummcw3ezuer9wcpzqmjxss3dld622uu8q25gywum9qtg4w4cv4064jmg20xsac2aam5nqvzqqqqqqy3j6fu0 
 Personally, I prefer not to paste my nsec everywhere, but I also hate the need for an additional password 😅 

@Derek Ross Could you maybe add a lightning login feature? 🙏 
 i don't have a password for my nostr.build, i use NIP-07 and alby nostr keychain and i pay in sats 
 fight me 
https://image.nostr.build/08ecc6a54a8bbe2a92b0a5edba42d4434027ed3d5119ded186ff4f6895d9c6be.jpg 
 It’s not passwords, it’s “users”. You are not an owner, that’s why you have to register 
 Ya, na, PMs are a symptom of many systems. It is what it be. 
 We have key managers now. FIDO, passkeys, WebAuthn etc.

That's my world. 
 we have had EC PKI for over a decade now, it is time to move on, i agree

a keychain like this literally only has to be a few keys which you segregate for purposes or alts

there are already public registries of these keys but honestly the state of PKI is still pretty bad, and you would have to be silly to have me believe that pgp is fine, if it was then explain why it's becoming very common to use SSH for git repo auth?

i wouldn't say it's a symptom of a broken system so much as a failure of tech companies to care about security, which should be considered to be suspicious

that's worse than broken, that's corrupt 
 🏳️🏳️🏳️ .. you won, I surrender. 
 Es verdad - my bitwarden has 239 entries... 
 I actually have my account on a different npub and I don't always use my own computer, so I do use the password login. 
 can mom and dad stop fighting already? 
 does the signup flow include this? i didn't realise it did, i thought it was just based on nostr cryptography? 
 oh i see, looking at my keepassxc yes indeed i stored a password for it

it seems very redundant 
 yeah, i saw the password has a prefix that looks generated 
 No, you said "options" and @Gigi as if understood setting a password is optional, but what you meant was logging in with a pw is optional - setting a password is not.