Just uninstalled my NIP 07 browser extension to dogfood NIP 46 harder. As a side effect, I am now unable to log in to the majority of nostr apps without pasting my private key.
Have you tried Nos2X? I use it as my NIP-07, and it works for me quite well.
You're missing the point, I disabled it because I want to stress test NIP 46. NIP 07 is fine (and works well) but isn't how newbies are going to use nostr.
Copy and pasting your private key in 2025 is like walking through Gaza in a U.S. flag t-shirt
What do you use as bunker?
this is the way
Here are two observations I've made while operating this way:
It's absolutely essential to back up private keys. If copies exist in both a browser and a bunker, it's highly unlikely both would fail simultaneously. However, if a key only exists in one location, it's extremely vulnerable to device failure (a lesson learned the hard way).
Surprisingly, many Nostr applications don't support NIP-46. What's even rarer is for clients to support generating tokens and passing them to a bunker. This is largely because nostr-tools primarily supports the bunker generating tokens and sending them to the client.
Amber
Yeah, the QR scanning workflow is super nice, too few implementations support that.
I wish they had this for iOS 😭
Me too!
Also less convenient and secure than nip-46 when you have multiple devices. Better to keep the key in one bunker than multiple browser extensions.
Use keychat. Login with Amber. Then use the embedded browser for NIP07-only apps.
The whole point is not to solve my problem, but to solve onboarding for new users without asking them to install yet another weird thing
I've tried it, doesn't work super well yet
Gotcha. Amber & a browser is really all we need (and works amazingly well), but you're right; too many clients missing it.
Honestly Flotilla with KeyChat login on iOS is so fast and much smoother than having to set up NsecApp as a PWA and bounce between apps for auth perms.
Any thoughts on your old proposal from a year ago or something about a server to handle login with email and password and create a bunker under the hood for the user? I can't find your note, but I've been thinking about it
Yeah, I built it:
I don't recommend it though, holding a bunch of keys on a server is a recipe for disaster — but maybe multi-sig bunkers or secure enclaves could be used to keep them safe? 🤔
GitHub - coracle-social/burrow: A relay/bunker combo which allows nostr apps to bridge email/password to keys.