NIP-05 is Nostr's answer to "how do I have a username without a central platform". Your public key is 64 characters of hex, which is safe but unreadable. A NIP-05 identifier gives you something like alice@nostr.blog that maps back to the same key.
How it works
A NIP-05 is literally a JSON file hosted on a domain. When a client sees the identifier alice@nostr.blog, it makes a request to https://nostr.blog/.well-known/nostr.json?name=alice and reads the public key out of the response. If that key matches the one signing posts under that identifier, the client shows the name as verified.
No blockchain, no central registry. The domain owner decides who gets which name. Anyone can run their own by dropping a JSON file on a static host.
Why it matters
Three practical reasons.
First, discoverability. A name like jack@primal.net is something you can say out loud and remember. A npub1... is not.
Second, portability. Your NIP-05 address points at your public key, not at the domain it lives on. If you move your identity to another host, you can keep your Nostr identity and social graph unchanged.
Third, it is a light trust signal. If a domain is careful about who gets an address on it (for example, checks payment or reviews registration), the NIP-05 adds a little weight to a claim of identity. It is not the same as Twitter's blue check. Nothing prevents lots of domains from handing out names to anyone. But it does distinguish "I am the real Alice" from "I am some random stranger".
Where the limits are
NIP-05 only says "this name belongs to this key on this domain". It does not authenticate the person behind the key. If someone loses their private key, they lose the identity that the NIP-05 was pointing at, and getting a new key means re-registering the address.
It also relies on DNS and HTTPS being reachable. If the NIP-05 domain is down when a client tries to verify, verification silently fails. Most clients cache the result, so a one-off outage does not break your name, but a permanently offline domain does.