Mostly, you are right.
But strictly, it is not a password for authentication, but just an encryption key, so the user is only asked to enter it when changing browsers, for example.
This is because it is usually not recommended to store passwords in localStorage, etc., but with an encryption key it is considered possible.
I think in bitwarden it is called "master password".🤔
Replies (2)
Yes, a hash of the master password is used in Bitwarden for server auth (since the user already has to remember it to decrypt the master key), and WebAuthn can be used as a second factor.
My concern with The Nostr, unlike the password manager, is that implementing a master password like bitwarden would actually make the master password and nsec the same thing.
If so, users would have to worry about managing the master password instead of the nsec, which would not be fun.