You don't have to. You can login with npub+DM.
This is actually the best option, IMO. Don't have to use an extension or share my nsec, also don't have to use a password. nostr:nevent1qqs0tu27fffm2a4cwjtwh78lc2tehqma2g4zny5qg6paklg56k3m2qcpz4mhxue69uhhyetvv9uju6twvamkjefwd4jsygxavex4usqkgvage45lqpdwzjqgqs630zd4nhj67p38dhn9vv7nrypsgqqqqqqsz2l74t
Not as seamless as an extension or nsecbunker.
But doesn't require the validation, installation, or maintenance of an additional application.
@Ava @Michael J @Luxferre What do you think about this option? Am I missing some security leak here? It just sends/DMs you a one-time code that you can type in.
IMO signing with an extension or nsecbunker would be best. I think there's a NIP for HTTP auth using Nostr. The 2FA scheme with npub+DM makes sense to me. It's an extra step to log in, but it would work with whatever Nostr client the user is familiar with already. Easiest flow would have the DM give a link that authenticates and redirects to the home page of nostr.build, so the user doesn't have to copy-paste or remember a one-time code.
Yeah, I think I like it as a second option. I guess because I often switch computers and I don't have my extension on all of them, for all npubs, and then I start e-mailing my nsec to myself or some nonsense. It's too long to just type out.
i recommend logging in with nip-07 extension for best security until we get hardware signing, with npub+dm as a 2nd option. definitely not emailing your nsec to yourself (did you mean npub?)... especially if you aren't using an e2ee email, but even then, it would be more secure to put it in a password manager.