This is why remote signing, extensions, possibly subkeys, etc. all need to be a standard. This sort of problem at scale would be a disaster. #Nostr keys are precious and a major problem still remains that many clients or services still have a place to paste private keys to log in or use the service.
Be extremely careful with this and if you aren’t sure if you are using keys client side only, then opt out until a better option is available.
Love CoinOS btw, this isn’t a dig and they’ve implemented most of the above options for this reason. Just really important to know the trade-offs with things like this.
nevent1qqsfsg878u9luv2sxm6yahyjr4zpt745rdfpuu47wnn9t2dskgem52gpp4mhxue69uhkummn9ekx7mqwjqt9e
Replies (6)
Hey Guy, swan?
Where can we find resources on how to rotate our keys... asking for a friend 😲
You just spin up a new account and move your balances there
Right now the only key rotation is just creating a new account and directing people to it. This is also a reason to have a backup social network to be able to get the word out for which account is truly yours when/if you need to kill a compromised key.
I understand now. Thanks 🙏
Most users probably shouldn't even be completely trusting signing extensions.
Try to practice reasonably good key hygiene (to develop a sort of muscle memory); but, until better standards become available, it's best to just assume your nsec has already been compromised, continue having fun experimenting with Nostr while being careful not to count on anything important to be kept secure, and just know that someday (hopefully not too far off) you'll likely be abandoning your current nsec(s) for new ones better secured by the new standards.
