Is there consensus among devs that nsec.app is a good idea? Is this something we should recommend to developers?
Can this be used for nip07 logins on mobile?
It certainly isn't a good idea to just go around slapping your private key into anything asking for it. We will definitely be needing more protection and better security as time goes on. This isn't what I want necessarily, but if it's trustworthy software, I'd consider this to be better than the current model most people are using (paste into whatever tool asks for it.)
Yeah it seems better and works better on mobile. What happens if nsec app is down though and you didn’t export your key?
The same thing that always happens if you don't back up your key, I suppose. But this is why I'd prefer a model similar to how hardware wallets work. I just think one point of failure is safer in this context than having one key in a bunch of rando apps that may be malicious or incompetent.
This depends on what you mean by 'down'. If our APIs are down then the background signing won't work, but the web app (and PWA) will work and will allow export and signing (with an open nsec.app tab). The web app is unlikely to be down - it's hosted by Vercel cloud, and it's heavily cached in your browser, so even if Vercel is down it would still work from cache. We also have a roadmap for various backup strategies being auto-implemented or at least auto-suggested. In the worst case we're permanently down or have killed our database and you clear your browser data and have no backup - then your nsec is gone.
I think that's a reasonable risk considering one can have an offline backup AND it's still better than handing the key out like candy, assuming the service is trustworthy.
Or in this case you'd just be locked out if you mean a web service is down. I'm willing to sign with hardware, but a hottish wallet would probably be best for most. With, of course, an offline backup.
Nip46 is a good idea, hopefully with a set of patches I sent last week we'll have major apps (habla, snort, coracle, nostrudel, etc) supporting it well on all platforms. Nsec.app or not, a good cross-platform key storage with permission management etc is way better than copy-pasting nsecs.