Post by Dr. Hax
A password manager is pretty standard for holding Nostr keys. It basically has built-in 2FA: something you have (the password database) and something you know (the password to unlock it). There are people working to make this more usable/safer in the future. ManiMe is exploring using seed words to generate multiple linked private keys so each client/device you use could get its own key. There's Amber, which holds your private key in one app and then other Nostr clients can request that Amber signs each post (so the Nostr clients never see the key, only Amber does). That doesn't address backups, but it helps lower the risk of a key being compromised. Other people are working on multi-sig solutions so two apps would need to be involved in signing each post. There's quite a bit going on in this area.
Yeah, so the sharing of the private key is one of my major concerns with whatever application/platform you're utilising. You can control your key and be as careful as ever, but it only takes one mistake and it's gone. The whole seed words being able to generate "application passwords/keys" is a great idea. Will give Mani a follow and stay up to date with that project. Will take a look at Amber. I'm still only early days on Nostr, but it's a concern I couldn't shake today when utilising the private key to log into other applications. Thanks for the write-up, appreciate it and great food for thought.