The first point is that when I said "technically you don't" I meant that even if it seems crazy, there is no rule that says you *couldn't* implement systems where say you had a LN channel from earlier setup and you logged in with credentials that convert to a signing key.

Consider credit cards; the earliest security model which still exists, is magstripe and it's 100% insecure in the sense that you must trust the vendor's terminal not to skim your private data. The most recent version of this tech signs from a chip as well as using a PIN. While we have nothing like this for LN usage, I'd have to ask: is there a reason it couldn't work? I mentioned bolt cards, that's a step in that direction.

One reason that the credit card (old, insecure) model is more uncomfortable here is because LN is a self-custodial and privacy focused tech, i.e. more cash and not account/custodial; that's more autonomy but harder for resource-limited users, right.

The nicer thing about ecash based systems is the interop with LN so that you can have money passed between mints but that could end up quite complex/fragile (and arguably worse trust model than single mint!), while the more easily imagined case: merchant and customer use the same mint, means that you're back to the limitations that you'd have if some channel or channel topology had to be pre-existent beforehand (possible of course, but more limited than we'd like to imagine). With both a trust requirement, *and* "topology"/"coordination" requirement, I believe an awful lot of very clever setups could be made to work. Though I suspect an ecash mint would beat them all in terms of privacy model, that's where it shines. Doubt that the targeted users would prioritize that, though.