Oddbean

@Linda our product lead on @nos.social made a mistake and accidentally leaked their nsec. She’s written up an essay on it and why using a keypair is still a much better than a username and password on a server. naddr1qvzqqqr4gupzpjfz2sfh297zr3qcpcpwcl3e98p84caec2y2ntqdvyrgeygwsn6tqq24sn2nx4zy542hwdxngvr4x3f9vs6x09yk5zgsxan https://njump.me/naddr1qvzqqqr4gupzpjfz2sfh297zr3qcpcpwcl3e98p84caec2y2ntqdvyrgeygwsn6tqq24sn2nx4zy542hwdxngvr4x3f9vs6x09yk5zgsxan

I am skeptical about both the problem statement of "email+password are failing tech" and the solutions proposed for nsec failures. A good solution for nsec sharing seems to be nip49 - nsec should only be exported in encrypted form. Adding a warning or a different nsec formatting doesn't help a user who is in a rush and copy pasting stuff around and clicking 'publish'. Storing nsec in keychain is great, but it's not available on many platforms. Also nsec is as prone to phishing as passwords - if apps keep asking for your nsec. That's why nip46 adoption should make a difference - no nsec sharing, and it's an open protocol and you're not locked in to a single SSO provider.