Basically, as with Bitcoin, you should exercise extreme caution when entering your private key into a third-party platform, whether it be a clipboard, browser, or web client.

To minimize potential hazards on the web, it is recommended to use an extension like ours - where the open-source software (not the client) signs nostr events and your private keys do not touch any server (even Alby's one, it stays secure in your machine)

On mobile, yes, you currently need to copy and paste... for now! We hope developers will soon come up with a better solution.

Try www.getalby.com!