Braydon Fuller on Nostr: Entering a private key into a web app is much less secure than a signer app or ...
Entering a private key into a web app is much less secure than a signer app or extension. However, a signer app still can have its issues, just less.
A few of the issues:
- Phishing attempts from similar looking domains.
- Hot loading code from a remote server, not signed releases from the maintainer.
- Encourages entering nsec somewhat carelessly into more than one web app. It could be entered into a clipboard, which as been another vector of attack.
- Users habits of this type of behavior from passwords on every other web app. Passwords can be reset via email resets, a private key can not be reset. It can thus not communicate the importance of it not leaking, and thus careless backups and storage.
None of that is good for non-technical users.
A few of the issues:
- Phishing attempts from similar looking domains.
- Hot loading code from a remote server, not signed releases from the maintainer.
- Encourages entering nsec somewhat carelessly into more than one web app. It could be entered into a clipboard, which as been another vector of attack.
- Users habits of this type of behavior from passwords on every other web app. Passwords can be reset via email resets, a private key can not be reset. It can thus not communicate the importance of it not leaking, and thus careless backups and storage.
None of that is good for non-technical users.