I generate an additional pair of keys for the following reasons:

- A user may not always have Web3 installed, with their account unlocked, on the browser they are using. Consider the example of signing in to your CryptoKitties account from your friend's machine. If you do not have the same account imported on the device you are using, you are pretty much locked out of your own account.
- Using independent keys also ensures that identification is decoupled from the payments workflow. I do not expect every layman to set up their own HTTP server to handle the login requests. Decoupling the keys allows one to trust someone else with the identification private keys if need be, while remaining totally sure that their ETH is perfectly safe no matter what. Should the server that hosts their private key be compromised, they can always change the keys and register with a new server or set one up themselves.