Nuh 🔻 on Nostr: It is an asymmetrical key that can be associated with a web2.0 account to log in ...
It is an asymmetrical key that can be associated with a web2.0 account to log in without passwords by signing a challenge.
The often not discussed aspect of it, is that it is meant to be device bound, so services may only accept keys that are themselves signed by a trusted party, to prove that it was generated in a secure environment where the key can't be extracted by scripts or extensions or what not.
It is not bad honestly, just doesn't work for sovereign identity as nicely.
The often not discussed aspect of it, is that it is meant to be device bound, so services may only accept keys that are themselves signed by a trusted party, to prove that it was generated in a secure environment where the key can't be extracted by scripts or extensions or what not.
It is not bad honestly, just doesn't work for sovereign identity as nicely.