Ok. I like your recommended onboard flow. So I’d just generate nsecs for new accounts, pass them “raw” to the NDKSigner, and encrypt/decrypt them with a password for local storage? (In case the user closes the browser) Wd this be best practice? 

 Right, but also I am not sure adding a password is that necessary for starters. 

 Hmm … yea. I can see that.