Authentication

Vigil offers multiple authentication methods for flexibility and security.

Available Methods

Email + Password

Traditional authentication with email and password.

Setup:

  1. Register with email address
  2. Create strong password
  3. Verify email
  4. Log in with credentials

Pros:

  • Familiar
  • Works everywhere
  • Easy password recovery

Cons:

  • Vulnerable to phishing
  • Password can be stolen
  • Requires remembering password

Recommendation: Upgrade to passkeys for better security.

Nostr Authentication

Log in using your Nostr identity (NIP-07).

Requirements:

  • Nostr public/private key pair
  • NIP-07 browser extension (Alby, nos2x, etc.)

Setup:

  1. Click "Sign in with Nostr"
  2. Approve signature request in extension
  3. Account created/logged in

Pros:

  • No password needed
  • Sovereign identity
  • Privacy-focused

Cons:

  • Requires browser extension
  • Less familiar to newcomers

Passkeys (WebAuthn)

Modern, phishing-resistant authentication.

Setup:

  1. Register passkey during sign-up or in settings
  2. Use biometrics or security key
  3. Log in with passkey

Pros:

  • Phishing-resistant
  • No passwords
  • Biometric or hardware-based
  • Industry standard

Cons:

  • Requires compatible device
  • Newer technology

Learn more about passkeys →

Multi-Factor Authentication (MFA)

Add extra security to email+password accounts:

Passkey as Second Factor

  1. Log in with email+password
  2. Confirm with passkey
  3. Access granted

Recovery Codes

Backup authentication method if you lose primary access.

Learn about recovery codes →

Maximum Security

Primary: Passkey
Backup: Recovery codes
Notification: Nostr (encrypted DMs)

Balanced

Primary: Email + Passkey (2FA)
Backup: Recovery codes
Notification: Email + Nostr

Simple

Primary: Email + Password
Backup: Email recovery
Notification: Email

Switching Authentication Methods

Adding Nostr Login

  1. Go to Account → Security
  2. Click Link Nostr Identity
  3. Sign with NIP-07 extension
  4. Nostr login now available

Adding Passkey

  1. Go to Account → Security → Passkeys
  2. Click Add Passkey
  3. Follow device prompts
  4. Passkey registered

Removing Methods

  • Can't remove all methods (must have at least one)
  • Generate recovery codes before removing last method

Session Management

Active Sessions

View and manage logged-in sessions:

  1. Go to Account → Security → Sessions
  2. See all active sessions
  3. Revoke suspicious sessions

Session Timeout

Activity          Timeout
Active use        No timeout
Inactive          30 days
"Remember me"     90 days

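One way a server could enforce the timeout table and the session revocation described above, as an added example (not Vigil's own code). It assumes the 30-day and 90-day limits are idle windows that restart on every request; `Session`, `SessionStore` and the sample sessions are hypothetical.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# Idle limits taken from the Session Timeout table (assumed to be idle windows).
IDLE_LIMIT = timedelta(days=30)          # "Inactive"
REMEMBER_ME_LIMIT = timedelta(days=90)   # "Remember me"


@dataclass
class Session:
    user: str
    last_seen: datetime
    remember_me: bool = False
    revoked: bool = False

    def is_valid(self, now: datetime) -> bool:
        limit = REMEMBER_ME_LIMIT if self.remember_me else IDLE_LIMIT
        return not self.revoked and now - self.last_seen <= limit


class SessionStore:
    """Hypothetical in-memory store keyed by session ID."""

    def __init__(self) -> None:
        self.sessions = {}

    def touch(self, sid: str, now: datetime) -> bool:
        """Check a request's session; activity slides the idle window."""
        s = self.sessions.get(sid)
        if s is None or not s.is_valid(now):
            self.sessions.pop(sid, None)  # expired or revoked: drop server-side
            return False
        s.last_seen = now                 # "Active use": no timeout
        return True

    def revoke_all(self, user: str, keep: Optional[str] = None) -> int:
        """Revoke every session of a user, optionally sparing the current one."""
        count = 0
        for sid, s in self.sessions.items():
            if s.user == user and sid != keep and not s.revoked:
                s.revoked = True
                count += 1
        return count


# Constructed sample sessions for illustration.
T0 = datetime(2024, 1, 1, tzinfo=timezone.utc)
store = SessionStore()
store.sessions["laptop"] = Session("alice", T0)
store.sessions["phone"] = Session("alice", T0, remember_me=True)
```
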
Account Recovery

Forgot Password

  1. Click "Forgot Password" on login
  2. Enter email address
  3. Check email for reset link
  4. Create new password

Lost Passkey

Use recovery codes or another authentication method to log in, then register a new passkey.

Compromised Account

If you suspect your account is compromised:

  1. Change password immediately
  2. Revoke all sessions
  3. Generate new recovery codes
  4. Review account activity
  5. Contact support if needed
