LNURL-withdraw is increasingly used for convenient contactless payments via NFC devices that do not require a battery and do not have a user interface.
While these devices can produce unique one-time LNURLw-links with replay protection, there is still the risk of losing the device or maliciously scanning the device without the knowledge of the owner.
Security of tap & pay experiences could be improved by adding a second-factor PIN to withdrawRequest callbacks.
I prepared a draft pull request for a new LUD: #200