Join Nostr
2023-10-26 12:11:26 UTC
in reply to

boilerhodl on Nostr: If an attacker had your TAPSIGNER, they'd still need your username/password to ...

If an attacker had your TAPSIGNER, they'd still need your username/password to authenticate and vice versa. We don't secure funds with these Tapsigners. They are only for 2-factor authentication, so the Best Practice violation seems like a reasonable trade-off for this use case.
Author Public Key
npub14y9984l32yr3jna9gsh5lz9l6l2yp3uxx8nxrav6u3jcr8duhhhqzg8xet
Seen on
wss://nos.lol