Nostr security is hard. Every application has the option to paste your nsec but very little way to ensure it’s not compromised. Nsec signers and other ways to log in with Nostr need to be improved.
Replies (4)
Yup. Most Nostr users that have been here for a little while have done things that, from a raw security perspective, mean we should assume our nsecs are already compromised and continue to use them with that in mind. Once this is better addressed, users arriving afterwards will be in a better place.
Some of us have been telling everyone else for like three years that pasting nsecs into websites (or allowing such) is bad practice. Some people need to learn the hard way.
yup
Nostr signers. The copy-paste is the weak point; if only the human brain could memorise that key.
The good way would be to generate your seed phrase (mnemonic) on an offline device to prevent any network exposure.