Security & Password

Your password protects this browser

The password you set during first launch encrypts everything stored locally:

Your identity and signing keys
Messages stored on this device
Wallet connections and payment history

This password is local to this browser. It does not protect your Nostr identity on other devices. If someone else uses your computer, they can't access your data without the password.

There is no password reset

We cannot recover your password. If you forget it, you'll need to reinstall the extension and restore your account from your recovery phrase or private key.

How encryption works

All secrets are encrypted with AES-256-GCM
Your password is derived using PBKDF2 with 100,000 iterations
Encryption happens entirely on your device — nothing is sent to any server

Auto-lock

The extension locks automatically when you close your browser. You can also configure an auto-lock timer in Settings > Preferences > Security — the extension will lock after a period of inactivity.

You can manually lock at any time from the settings dropdown.

Changing your password

Go to the browser options page (Settings > Preferences > Security) to change your password. You'll need your current password to set a new one.

Backup your keys

Your 12-word recovery phrase (mnemonic) is shown once during account creation. You can also export your private key (nsec) from the options page under Account > Backup Key.

Store your backup securely — offline, on paper, or in a password manager. Anyone with your recovery phrase or private key has full access to your identity.

Security & Password ​

Your password protects this browser ​

How encryption works ​

Auto-lock ​

Changing your password ​