We're talking about proton.
The only difference between a password and an nsec is that proton has an exclusive monopoly on authenticating a password.
That isn't the only difference. Having my Proton password compromised doesn't also compromise my bank accounts, social media, etc. That's essentially what would happen if one app mishandled your Nostr key. You'd have your entire stack lost all at once. The whole selling point has been one key for all these different things and that is a broken model from a security perspective.
As I said, people can use different keys for every service, but that doesn't solve the root problem. You've simply limited the rekeying to one service, just like the password model we have now. Except there are no recovery options.
We need a way to give our private keys to no one. Just like Bitcoin. I shouldn't have to give every wallet my private key to transact, nor should I on Nostr.
We're talking about different things.
If you share a password/nsec, multiple services can be compromised at once.
If you type a password/nsec into a shady app (proton, a proton companion or clone, or anything else), it'll be compromised.
Both points are true. People shouldn't do either.
People are already better (but still bad) at not reusing passwords. Painting an equivalence between passwords and nsecs helps folks grok the problems with nsec reuse.
Painting a distinction between them creates some very difficult differences in our expectations.
"Identity" on the other hand is distinct, and we do need a way for multiple nsecs to sign for one identity, the same way we have ways to allow multiple passwords to authenticate the same human.
I tried (and failed) to argue the nsec-password equivalence yesterday in a thread 🤣🤷♂️