Hey. My next version, which is currently being reviewed, has a bit more explanation in the FAQ section.
In short, it’s pretty safe in my opinion, because it is encrypted twice with 2 different things.
You need to lose your secret key, and also the password, in order to lose your data.
Also, if the community and user base like it, I plan to include one-time passwords, so you can encrypt and decrypt with Google Authenticator (or equivalent).
Authenticator would be a great addition IMO - especially if you can do physical security keys using U2F. Looking forward to the FAQ and congrats on the release!
Congrats Jingles! What would be awesome is the ability to derive passwords à la LNURL-Auth instead of storing them - reducing considerably the attack surface. But still use nostr for usernames and other metadata.
Derivation could be a password that satisfies the most typical requirements such as 8+ characters, uppercase, symbols, etc
Mmm, that sounds 🤯
Keen to learn more and understand what you mean by using LNURL auth to derive passwords.
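
A sketch of the password-derivation idea raised in this thread, as an added example (not code from the app or from anyone in the thread): LNURL-auth derives a per-service key from a wallet secret and the service domain, and the same pattern can produce a policy-compliant password on demand so nothing is stored. `master_secret`, `derive_password` and the symbol set are assumptions made for the illustration.

```python
import hashlib
import hmac
import string

# Character classes most password policies ask for (symbol set is an assumption).
CLASSES = (string.ascii_lowercase, string.ascii_uppercase, string.digits, "!@#$%^&*-_=+")
ALPHABET = "".join(CLASSES)


def _stream(key: bytes, info: bytes):
    """Endless deterministic byte stream: HMAC-SHA256(key, info || counter)."""
    counter = 0
    while True:
        yield from hmac.new(key, info + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1


def _pick(stream, n: int) -> int:
    """Uniform index in range(n) using rejection sampling (no modulo bias)."""
    limit = 256 - (256 % n)
    for b in stream:
        if b < limit:
            return b % n


def derive_password(master_secret: bytes, domain: str, username: str = "",
                    length: int = 16, version: int = 1) -> str:
    """Recompute the same password from (secret, domain, username, version)."""
    if length < len(CLASSES):
        raise ValueError("length too short to include every character class")
    # Per-site key: the domain is HMAC'd with the secret, so one site's
    # password reveals nothing about the secret or about other sites.
    site_key = hmac.new(master_secret, domain.lower().encode(), hashlib.sha256).digest()
    stream = _stream(site_key, f"{username}\x00{version}".encode())
    # One character from each class first, the rest from the full alphabet.
    chars = [cls[_pick(stream, len(cls))] for cls in CLASSES]
    chars += [ALPHABET[_pick(stream, len(ALPHABET))] for _ in range(length - len(chars))]
    # Deterministic Fisher-Yates shuffle so required classes are not at fixed positions.
    for i in range(len(chars) - 1, 0, -1):
        j = _pick(stream, i + 1)
        chars[i], chars[j] = chars[j], chars[i]
    return "".join(chars)


if __name__ == "__main__":
    secret = b"constructed-demo-secret"  # constructed value; use a high-entropy key in practice
    print(derive_password(secret, "example.com", "alice"))
```

Bumping `version` rotates a single site's password without changing the secret; the trade-off is that anyone who obtains the secret can recompute every derived password.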