I have played with this a bit lately and my conclusion thus far is: The idea of trying to bind everything to a single private key is such a bad idea for the average person. In order to truly secure a private key you have to go to pretty extraordinary lengths. It is not easy. It is not, "common sense."
Like most of crypto, the basic immutable nature of things is simply bad for humans. Here, your private key is eventually going to get stolen because you have to type in your private key for every login. It creates a phishing/key-logging jackpot. And once the attacker gets your private key there is no recourse. No password reset. No way to regain access. Your accounts are forever compromised. This is the problem with "decentralization" in general. All of the benefits it brings are completely washed away by the mundane daily activities of being human.
I've tinkered with nostr and there's plenty to agree with here, but it's not specific to nostr. Nostr is in its very early days where people who tinker now are also pretty good at protecting that private key (dorks like us). For mass adoption we're probably going to see WebAuthn develop and solve the problems you're mentioning for most non-technical people. The early dorks will flinch at Apple/Google syncing people's e2ee keys, but techies will always be able to just dial in their private key to the client of their choosing. So it will be a bit messy, but hopefully the best of both worlds. And a giant improvement from the current paradigm.
I don't use it, but Minds is an example of an app that is using delegated keys to sign people's messages using nostr protocol, allowing a user's data a route out of Minds' infrastructure in the future. Again, seems a healthy improvement.
There are ways to fix this, such as the ability to issue a key revocation and issue a new key via a secondary key stored elsewhere, but few of these systems implement such measures.
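Added example, not part of any comment in this thread and not nostr's or any client's own code: a sketch of the revocation-via-secondary-key idea mentioned above, using Ed25519 from Node's built-in `crypto` module. The record format and the names `issueRotation`, `applyRotation` and `acceptsMessage` are hypothetical; the assumption is that verifiers pin the recovery public key when the identity is first published.

```javascript
// Hypothetical rotation-record format, constructed for illustration only.
const { generateKeyPairSync, createPublicKey, sign, verify } = require('node:crypto');

const toHex = (pub) => pub.export({ type: 'spki', format: 'der' }).toString('hex');
const fromHex = (hex) =>
  createPublicKey({ key: Buffer.from(hex, 'hex'), format: 'der', type: 'spki' });

// Canonical bytes that the signature on a rotation record covers.
const rotationBytes = (revoked, next) =>
  Buffer.from(JSON.stringify({ type: 'rotate', revoked, next }));

// Holder side: sign "revoke <revoked>, replace with <next>".
function issueRotation(signerPrivate, revoked, next) {
  const sig = sign(null, rotationBytes(revoked, next), signerPrivate).toString('hex');
  return { revoked, next, sig };
}

// Verifier side: state = { active, recovery, revoked: [] }, keys as hex strings.
// Only the pinned recovery key may replace the active key.
function applyRotation(state, rec) {
  if (rec.revoked !== state.active) return state; // stale or replayed record
  const ok = verify(null, rotationBytes(rec.revoked, rec.next),
    fromHex(state.recovery), Buffer.from(rec.sig, 'hex'));
  if (!ok) return state; // not signed by the recovery key
  return { ...state, active: rec.next, revoked: [...state.revoked, rec.revoked] };
}

// A message is accepted only when signed by the currently active key.
function acceptsMessage(state, msg, sigHex, signerHex) {
  if (signerHex !== state.active) return false;
  return verify(null, Buffer.from(msg), fromHex(signerHex), Buffer.from(sigHex, 'hex'));
}

function demo() {
  const [primary, recovery, replacement, thief] =
    [0, 1, 2, 3].map(() => generateKeyPairSync('ed25519'));
  const start = { active: toHex(primary.publicKey), recovery: toHex(recovery.publicKey), revoked: [] };
  // Someone holding only the stolen primary key tries to rotate to their own key.
  const forged = issueRotation(primary.privateKey, start.active, toHex(thief.publicKey));
  const afterForged = applyRotation(start, forged);
  // The owner rotates with the recovery key that was kept elsewhere.
  const real = issueRotation(recovery.privateKey, start.active, toHex(replacement.publicKey));
  const afterReal = applyRotation(afterForged, real);
  const oldSig = sign(null, Buffer.from('hello'), primary.privateKey).toString('hex');
  return {
    forgedRejected: afterForged.active === start.active,
    rotated: afterReal.active === toHex(replacement.publicKey),
    oldKeyStillAccepted: acceptsMessage(afterReal, 'hello', oldSig, start.active),
  };
}
```

In this sketch the recovery key becomes the root of trust, so it has to be stored and protected separately from the key used for daily signing.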