True on many levels; keys also make it easy for developers, but without key rotation or universal recovery (similar to what legacy web have with email), it also becomes a liability. Many users aren't ready for that, especially when features like passkeys, one click login. I also happens to believe in case of nostr, we can offer passkeys like feature in trustless manner. I think that should be our goal.