{"type":"rich","version":"1.0","title":"boilerhodl wrote","author_name":"boilerhodl (npub14y…g8xet)","author_url":"https://yabu.me/npub14y9984l32yr3jna9gsh5lz9l6l2yp3uxx8nxrav6u3jcr8duhhhqzg8xet","provider_name":"njump","provider_url":"https://yabu.me","html":"If an attacker had your TAPSIGNER, they'd still need your username/password to authenticate and vice versa. We don't secure funds with these Tapsigners. They are only for 2-factor authentication, so the Best Practice violation seems like a reasonable trade-off for this use case."}