The problem is it's a multi step process and not very private where it could just ask my nip07 to sign a message.

As it is, I can trivially get a list of all login events of all nostr users without much gain.

It is better than asking for the private key though.