I need to do more research here. One question though - if nsec is encrypted by password then user would still have to enter it in the app, even if server only needs webauthn to return the encrypted nsec. So from user's point of view, it's still a second factor, even if server needs just one. Or am I missing something?
Replies (1)
Mostly, you are right.
But strictly, it is not a password for authentication, but just an encryption key, so the user is only asked to enter it when changing browsers, for example.
This is because it is usually not recommended to store passwords in localStorage, etc., but with an encryption key it is considered possible.
I think in bitwarden it is called "master password".🤔