I mentioned in a thread the other day how we're white-boarding authentication for like the 5th time for Lightning.Video - It's a tough problem.

Decentralized tech becomes pointless if you depend on existing authentication systems and patterns... but we also can't onboard the masses with easy to fuck-up key pasting or extensions that expose your entire browser storage and don't work on mobile.

It's not a new problem for Bitcoin/Nostr either, grizzled old *nix administrators still manage SSH keys in convoluted ways, and we've had since the dawn of computing basically to figure that out.

The most promising thing I see out there now, and we'll be working on moving to, is something based on nsecBunker (h/t Pablof7z)

Bunker is a service you can either host yourself or have hosted, and works kind of like a browser extension in signing events and keeping the key away from apps, but does so remotely by wire which solves the countless issues present with extensions.

Mainstream users could still use conventional email auth with a bunker service, and the flow for using new apps would be similar to OAuth patterns.

It'll be custodial for most people, but the important thing is it's trivially self-hostable and portable, which should keep it far more decentralized and permission-less than Google/FB/Apple Auth.

I'm hoping that with some attention to this we'll finally be able to bring users into these apps that aren't otherwise willing or able to deal with handling private keys.