I feel like this is a huge problem with nxt that needs to be resolved... (Maybe with trustless 2 factor multisig on your phone). I am so worried that if anything or anyone was able to get their hands on my password then what the hell would I do? There is no "change password" functionality. I would need to go through my assets one by one and transfer them to a new account. Followed by sending my nxt(since I need my nxt to transfer out the assets). With bitcoin it's easy because you just send all your coins to new address, takes a second. With nxt you possibly have so many things in your account; this lack of 2 factor or multisig is a massive problem that needs to be solved asap. I feel paranoid as shit entering my password into secureae. My single account holds everything I own in nxt, including a massive investment in supernet. In bitcoin I would have had 90% of this in cold storage but that does not appear to be possible with nxt and is an extremely paranoia bringing feeling.
This is a very reasonable point.
For what it's worth, you can now set up 'cold' nxt accounts. There are instructions around somewhere... someone might be able to point towards them.
I have 2 nxt accounts. One current account, with a few nxt and small holdings of assets in, one account I rarely access. You could set up a cold account and send nxt and assets to it, without ever typing the private key into a connected computer.
Eventually, I hope it will be able to create signed transactions on an offline computer, and then submit them to the network, so that you can arrange for nxt and assets to be moved from a cold account safely. (It may be already, though I'm not quite sure how.)
