If you haven’t lived in the mountains for the last few years, you’ve probably set up several social media accounts in your lifetime; many of us live with the reality of managing multiple accounts for work or play. You might use Twitter for news and shouting at strangers online, Instagram as your go-to for reasons why you should spend money, and a Facebook account to keep up with grandma.
We all have our preferred social media platforms, and with each one we choose to use, we need to create an account, which means tying it to an email address, setting up a unique password, downloading the app or keeping the account saved in our browser for quick login.
While devices have made it easier for us to manage multiple accounts, it can quickly become a pain to recover should that device fail or fall out of sync with your accounts. Then you’re scrambling to find the password, hoping it was saved on a note or in your browser, or you’ll have to face the dreaded task of resetting all your passwords.
That’s not to mention the additional 2FA security measures and security questions you may have set up and long since forgotten about.
Ditching accounts for keys.
In Nostr, there is no central entity managing the accounts, so you can’t request someone to give you a second chance by providing proof you once had access to the account. Instead, Nostr uses public and private key pairs to assign a user identity. There are no usernames or any type of identifiers that a relay server is in control of to associate with individual users.
It is simply those users’ keys that are completely under their control and with complete control comes personal responsibility. Your keys are the only method of access to your account and are the means by which you perform actions with Nostr clients. When you perform a task like creating a post, you are allowing the client to sign Nostr events.
Now, instead of having to create accounts with usernames, tie them to email addresses and set up 2FA with an authenticator or your phone number for each platform you wish to use, you simply provide your key as proof of who you are, and you can use that proof to seamlessly log in to any service that recognises the Nostr network.
Your Nostr private key can unlock the doors to many accounts. You can choose to hand over your key to the client, store it in your browser or, more safely, create a walled garden for your keys, from which Nostr clients must request a signature without ever having access to the key itself.
These applications are known as key management tools.
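The request-a-signature flow described above, as an added example that is not from the original article or from any of the tools it lists. It assumes the signer exposes the two NIP-07 methods `getPublicKey()` and `signEvent()` (what signer extensions provide to pages as `window.nostr`); the stub signer, its placeholder signature and the helper names are constructed so the code runs offline in Node.js.

```javascript
const { createHash } = require("crypto");

// NIP-01 event id: SHA-256 of the JSON array [0, pubkey, created_at, kind, tags, content].
function eventId(ev) {
  const body = JSON.stringify([0, ev.pubkey, ev.created_at, ev.kind, ev.tags, ev.content]);
  return createHash("sha256").update(body, "utf8").digest("hex");
}

// Constructed stand-in for a signer extension exposing the NIP-07 methods.
// The secret stays inside this closure; a client can only call the two methods.
function makeStubSigner(pubkey, secret, approve = () => true) {
  return {
    getPublicKey: async () => pubkey,
    signEvent: async (draft) => {
      if (!approve(draft)) throw new Error("signing request rejected");
      const ev = { ...draft, pubkey };
      ev.id = eventId(ev);
      // Placeholder only: a real signer returns a BIP-340 Schnorr signature over ev.id.
      ev.sig = createHash("sha512").update(secret + ev.id).digest("hex");
      return ev;
    },
  };
}

// Client-side check that the signer returned the event that was requested.
// It does not verify the signature itself; that needs a secp256k1 library.
function checkSignedEvent(draft, expectedPubkey, signed) {
  const problems = [];
  if (signed.pubkey !== expectedPubkey) problems.push("pubkey mismatch");
  for (const field of ["kind", "created_at", "content"]) {
    if (signed[field] !== draft[field]) problems.push(field + " changed");
  }
  if (JSON.stringify(signed.tags) !== JSON.stringify(draft.tags)) problems.push("tags changed");
  if (signed.id !== eventId(signed)) problems.push("id does not match event");
  if (!/^[0-9a-f]{128}$/.test(signed.sig || "")) problems.push("malformed sig");
  return problems;
}

// What a client does instead of asking the user to paste a private key.
async function postNote(signer, content, createdAt) {
  const pubkey = await signer.getPublicKey();
  const draft = { kind: 1, created_at: createdAt, tags: [], content };
  const signed = await signer.signEvent(draft);
  const problems = checkSignedEvent(draft, pubkey, signed);
  if (problems.length) throw new Error("bad signer response: " + problems.join(", "));
  return signed;
}
```

The object returned by `postNote` carries only the public key, the event id and the signature, which is everything a client needs to publish the note.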
Malicious or fake sites
Since there isn’t one central site to access Nostr and any site could provide Nostr support, it opens up the possibility for you to sign into several sites using your Nostr account. Think of it as the ability to sign in or create an account using your Gmail or Facebook account, offering you a one-click sign-in and account creation process.
While this is pretty convenient, it also leaves you open to attack should you paste your keys into a site that is not a legitimate Nostr client, or one that is looking to secure accounts it can use as social proof to scam others.
Instead of pasting your key directly into a site, using a key management tool would be the safer option.
Man in the middle attack
Even if sites are legitimate, they might not have the ideal security, and man-in-the-middle attacks could take place, where attackers interrupt an existing conversation or data transfer. A malicious actor who is able to access the Nostr client’s front end could eavesdrop on your sign-in and capture your keys.
Nostr key management options
If you like the idea of having a safer way to manage your keys and you’re looking for available options, you can try out one of the following solutions.
Alby wallet
The Lightning wallet Alby offers users a browser extension that can also generate keys to use with Nostr. The Alby extension ensures that these keys are generated in a simple, instant manner, and users are freed from having to remember their keys, as they’re stored in the extension itself.
Users will need to head to the settings area of the extension to find the Nostr settings and click the “Generate” button; you’ll receive a new private key based on the account you’re using.
Once you have set up your private key, you’ll be able to interact with any Nostr client with Alby as your signer.
Blockcore wallet
The Blockcore wallet is wallet management, account management, identity management and signing software built to be used within a range of internet services. Blockcore Wallet is cross-platform and works in different modes, such as browser extension, Progressive Web App, native mobile and desktop app and more.
Blockcore Wallet supports:
- Chromium-based browsers – Chrome, Edge, Opera, Brave etc.
- Firefox is not supported, and support for Firefox is not planned, in case you were holding out for hope.
Find out more about Blockcore wallet.
Nostr extensions
If you’re not interested in using a multi-functional wallet for your Nostr time, you can opt for an extension that only has one purpose, and that is storing and managing your key signings on any Nostr client.
| Key Management Tool | Browser Compatibility |
|---|---|
| Wen | Chrome & Chromium browsers, Firefox |
| Nostr2x | Chrome & Chromium browsers |
| Flamingo | Chrome & Chromium browsers |
Nostr keys, Nostr account
Leaving behind the safety and familiarity of the email account managed by a centralised entity model can seem a little scary at first, especially when you realise that there are no takebacks. If you’re committing time and effort to build an account on Nostr and you lose those keys, all that work is gone for good, which is why keys and key management need to be a focal part of onboarding and user experience.
A protocol based entirely on public/private key pairs being used as identities cannot gain traction and adoption if people are burning their accounts by accident or handing them over to scammers. The integrity of those identities needs to be protected and maintained for users, and whether this can be achieved at scale is still an open question.
Nostr is still uncharted territory, and while it is essential to ensure you keep your keys safe, it’s also important to note that all software recommendations should be considered experimental, and you are using them at your own risk.
Do your own research.
If you’d like to try out Nostr or want to learn more about it, we recommend checking out the following resources to kickstart your research.
Are you on Nostr?
If you are a Nostr user and want to hang out and chat with us or follow our content on your preferred Nostr front end, feel free to add us using our PubKey below.
7ecd3fe6353ec4c53672793e81445c2a319ccf0a298a91d77adcfa386b52f30d
The Bitcoin Manual’s Nostr Pubkey
Please give us your notes.
If you have used Nostr, which key management tool do you prefer and why? Are there any key management tools that you think deserve mention?
Let us know in the comments down below.