"logging in" with Nostr is quite different than logging in with a traditional account. When done correctly, the service or platform being accessed never touches your keys/credential/secret. This limits the blast radius of a hack significantly. Can't and shouldn't think of it the same way that you think of "an account"